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TITLE OF THE INVENTION 

A DATA PROCESSING METHOD, SYSTEM AND APPARATUS FOR 
PROCESSING A VARIETY OF DEMANDS FROM A SERVICE PROVIDER 

5 

BACKGROUND OF THE INVENTION 
The present invention relates to a data processing method, system and 
apparatus that processes a variety of demands from a plurality of service providers by 
using a single IC (integrated circuit) card. 
10 In the past, in an IC card system, an IC card carried by an individual has been 

recorded with personal information and used for passing through subway and train 
turnstiles, conh-olling entry to and exiting from rooms, etc. 
Q Similar kinds of card-shaped media, for example, pre-paid cards, service cards 

p issued by various stores, and user cards issued by software manufacturers are also in 

© 15 use. 

up These cards, including the IC cards, are individually issued and supplied by the 

respective service providers (businesses) relating to the cards. 
O Note that by making it possible to give an IC card the capacity to enable it to 

ry sufficiently store mformation relating to several services in its built-in memory, 

^ 20 several businesses could share use of a single IC card. 

■-i In this way, businesses that individually issued cards up until now could reduce 

the load of issuing the cards and could secure a large number of users, which are 
difficult for individual businesses to secure. On the users' side, a reduction in the 
number of cards that a user carries and manages, reheves the user of the trouble of 

25 carrying and managing a large number of cards. 

When an IC card is shared by several businesses in this way, however, it 
becomes necessary to deal with a variety of requests. That is, some businesses might 
desire the convenience of an IC card, as if the card was issued by itself, even when 
sharing an IC card with other businesses. Also, specific businesses might not want to 

30 share an IC card. Furthermore, a reduction in the nxmiber of businesses that share a 
card may also be requested. 
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The present invention considers the issues above and provides a data 
processing method, system and apparatus for processing a variety of demands from a 
service provider when a plurality of businesses share a single IC card, 

SUMMARY OF THE INVENTION 
To attain the above object, a data processing method of a first aspect of the 
present invention comprises a data processing method for processing data so that a 
portable device including an integrated circuit storing memory area division data and 
first area management key data which is authorized to perform at least one of a write 
operation to a memory area of said integrated circuit and a rewrite operation to the 
memory area conditional on the use of the first area management key data makes a 
second service provider provide a service using part of said memory area of said 
integrated circuit when issued by a first service provider providing a service using said 
memory area, comprising having a memory area operation unit managing said memory 
area division data encrypt first module data including second area management key 
data by the memory area division data for dividing by and provide the same to the first 
service provider; having the issuer of the portable device, that is, said first service 
provider, encrypt second module data including the encrypted first module by using 
said first area management key data and provide the same to said memory area 
operation unit; and, under the control of the memory area operation unit, providing the 
encrypted second module data to the integrated circuit, decrypting the second module 
data by using the first area management key data m the integrated circuit, decrypting 
the first module data in the decrypted second module by using the memory area 
division data, and dividing the memory area to a first memory area to be used for 
service of the first service provider and a second memory area to be used for service of 
the second service provider by using the second area management key data obtained 
by the decrypting. 

In the above first data processing method, the second memory area used for 
service of the second service provider is suitably formed conditional on the second 
module being decrypted in the integrated circuit and the integrated circuit obtaining 
the second area management key data. 

At this time, smce the first module is encrypted by memory area division data, 
the content of the second area management key data included in the second module 
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can be kept secret from the first service provider. Therefore, the first service provider 
cannot illicitly generate the second module without the permission of the memory area 
operation unit. 

Further, the second module is encrypted by first area management key data, 
5 and the first area management key data is kept secret from the second service provider. 
Therefore, the memory area operation unit cannot illicitly generate a second module 
without permission from the first service provider. 

Namely, since the second module cannot be generated without using both the 
first management key data and memory area division data, the integrated circuit cannot 
10 obtain second area management key data necessary for generating the second memory 
area. 

Further, since both of the memory area division data and the first area 
management key data are kept secret from the second service provider, the second 
p service provider cannot generate a second module. 

M 15 Due to this, insofar as the first service provider, memory area operation unit, 

M 

U and second service provider suitably tie up to perform processing, the second memory 

O area is not formed in the integrated circuit, and greater security can be provided. 

O Furthermore, the data processing method of the first aspect of the present 

J4t invention preferably has the integrated circuit divide the memory area into the fijst 

HI 20 memory area wherein at least one of a write operation and a rewrite operation is 

€3 

pj authorized conditional on use of the first area management key data and the second 

memory area wherein at least one of a write operation and a rewrite operation is 
authorized conditional on use of the second area management key data. 

Further, the data processing method of the first aspect of the present invention 
25 preferably has the integrated circuit fiirther store first system key data and authorize at 
least one of a write operation to the memory area and a rewrite operation in the 
memory area conditional on use of the first system key data and the first area 
management key data; has the memory area operation unit encrypt first module data 
fijrther including second system key data by the key data for dividing and provide the 
30 same to the first service provider; has the first service provider encrypt second module 
data including the encrypted first module and division condition information indicating 
the condition for dividing the memory area for use by another service provider by 
using the first area management key data and provide it to the memory area operation 
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unit; and has the integrated circuit decrypt the second module data by using the first 
area management key data, decrypt the first module data in the decrypted second 
module by using the key data for dividing, and divide the memory area by using the 
second system key data, second area management key data, and division condition 
5 information obtained by the decrypting. 

Further, a data processing system of a second aspect of the present invention 
comprises a data processing system for processing so that a portable device including 
an integrated circuit storing memory area division data and first area management key 
data which is authorized to perform at least one of a write operation to a memory area 
10 of said integrated circuit and a rewrite operation to the memory area conditional on the 
use of the first area management key data makes a second service provider provide a 
service using part of said memory area of said integrated circuit when issued by a first 

0 service provider providing a service using said memory area, wherein the system has a 
memory area operation processing appamtus used by a memory area operation unit 

W 15 which manages the memory area division data, a first service provider processing 

1 apparatus used by the issuer of the portable device, that is, the first service provider, 
^ and a second service provider processing apparatus used by the first service provider; 
O the memory area operation processing apparatus encrypts first module data including 
fU second area management key data by the memory area division data and sends the 
J 20 same to the first service provider processing apparatus; the first service provider 

fU processing apparatus encrypts second module data including the received encrypted 

first module by using the first area management key data and sends the same to the 
memory area operation processing apparatus; the memory area operation processing 
apparatus provides the received encrypted second module data to the integrated circuit; 

25 and the integrated circuit decrypts the second module data by using the first area 

management key data, decrypts the first module data in the decr3^ted second module 
by using the memory area division data, and divides the memory area to a first 
memory area to be used for service of the first service provider and a second memory 
area to be used for service of the second service provider by using the second area 

30 management key data obtained by the decrypting under control of the memory area 
operation unit. 

Further, a portable device accord mg to a third aspect of the present invention is 
a portable device mounting an integrated circuit used for a first service provider 
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providing a service wherein the integrated circuit comprises a memory means for 
storing key data for dividing managed by a memory area operation unit performing 
processing to make a second service provider provide a service using a part of a 
memory area of the integrated circuit and first area management key data; an input 
means for inputting a module including second area management key data issued by 
the memory area operation unit which is encrypted by the memory area operation unit 
by using the memory area division data and furthermore encrypted by the first service 
provider by using the first area management key data; and a processing means for 
decrypting the input module by using the key data for dividing and the first area 
management key data, dividing a memory area of the memory means to a first memory 
area and a second memory area by using the second area management key data in the 
decrypted module, authorizing at least one of a write operation to the first memory 
area and a rewrite operation in the memory area conditional on use of the first area 
management key data and authorizing at least one of a write operation to the second 
memory area and a rewrite operation in the memory area conditional on use of the 
second area management key data. 

Further, a data processing apparatus according to a fourth aspect of the present 
invention is a data processing apparatus for processing so that a portable device 
including an integrated circuit storing memory area division data, a system code for 
identifying a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a revmte operation to the memory area conditional on the use of 
the first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, wherein the apparatus has a 
memory means, processing means, and input/output means; the memory means stores 
rejection information for specifying a service provider which can provide service by 
the same integrated circuit indicated by the first service provider and the second 
service provider; the processing means encrypts a first module including second 
management key data by using the memory area division data; the input/output means 
outputs the encrypted first module to provide it to the first service provider, receives as 
niput a second module including the encrypted first module and encrypted in the first 
service provider by using the first area management key data, and outputs the second 
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module to provide it to a memory area division apparatus for dividing the memory area 
under control of the second service provider so that a part of the memory area of the 
integrated circuit can be used by the second service provider; the processing means 
generates a registerabie system code list indicating the system code added to the first 
service provider which can provide service by the same integrated circuit as the second 
service provider based on the rejection information; and the input/output means 
outputs the system code list to provide it to the memory area division apparatus. 

Further, a data processing apparatus accordmg to a fifih aspect of the present 
invention is a data processing apparatus for processing so that a portable device 
including an integrated circuit storing distribution key data, a system code for 
identifying a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a rewrite operation to the memory area conditional on the use of 
the first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, wherein the apparatus has a 
memory means, input/output means, and processmg means; the memory means stores 
a module including second area management key data issued by a memory area 
operation unit for managing processing of the data processing apparatus and encrypted 
by the memory area operation unit by using the distribution key data and a registerabie 
system code list indicating the system code added to the first service provider which 
can provide service by the same integrated circuit as the second service provider; the 
input/output means receives as input the system code firom the integrated circuit; and 
the processing means outputs the module to the integrated circuit via the input/output 
means when it judges that the input system code is indicated in the registerabie system 
code list. 

Further, a data processing apparatus according to a sixth aspect of the present 
invention is a data processing apparatus for performing processing to write file data in 
a second memory area of an integrated circuit having a first memory area wherein at 
least one of a write operation and rewrite operation of file data used for providing a 
first service is authorized conditional on use of first area management key data and a 
second memory area wherein at least one of a write operation and rewrite operation of 
file data used for providing a second service is authorized conditional on use of second 
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area management key data, comprising a memory means storing third area 
management data and file key data which is issued by the second service provider, 
used at the time of writing the file data to a third memory area, and encrypted by the 
third area management key data when a plurality of third memory areas are defined in 
the second memory area, third memory management key data used for performing at 
least one of a write operation to a third memory area and a rewrite operation in the 
third memory area is defined for each of the plurality of third memory areas, and said 
integrated circuit stores said third area management key data; an output means for 
outputting the encrypted file key data to the integrated circuit; and a writing means for 
writing file data to be used for providing the second service to the second memory area ' 
of the integrated circuit by using the file key data. 

Further, a portable unit issuing method according to a seventh aspect of the 
present invention comprises issuing a portable unit including an integrated circuit 
storing memory area division data and first area management key data and authorizing 
at least one of a write operation to a memory area in said integrated circuit and a 
rewrite operation in the memory area conditional on use of the first area management 
key data and requesting a memory area operation unit managing the memory area 
division data to divide the memory area of the integrated circuit to a first memory area 
wherein at least one of a write operation and re-write operation in the memory area is 
authorized conditional on use of the first area management key data and a second 
memory area wherein at least one of a write operation and a rewrite operation in the 
memory area is authorized conditional on use of the second area management key data 
by using the memory area division data. 

Further, a program according to an eighth aspect of the present invention is a 
program for making a computer execute processing so that a portable device including 
an integrated circuit storing memory area division data, a system code for identifying a 
first service provider, and first area management key data which is authorized to 
perform at least one of a write operation to a memory area of said integrated circuit 
and a rewrite operation to the memory area conditional on the use of the first area 
management key data makes a second service provider provide a service using part of 
said memory area of said integrated circuit when issued by a first service provider 
providing a first service using said memory area, comprising making the computer 
execute a routine for receiving as mput the system code fi-om the integrated circuit; a 
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routine for referring to a registerable system code list indicating the system code given 
to the first service provider which can provide a service by the same integrated circuit 
as the second service provider and judging whether the input system code is indicated 
in the registerable system code hst; and a routine for outputting to the integrated circuit 
a module including second area management data issued by a memory area operation 
unit managing execution of the program and encrypted by the memory area operation 
unit by using the memory area division data and further encrypted by the first service 
provider by using the first area management key data when judging that the input 
system code is indicated in the registerable system code list 

Further, a data processing method according to a ninth aspect of the present 
invention is a data processing method for processing so that a portable device 
including an integrated circuit storing distribution key data, a system code for 
identifymg a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a rewrite operation to the memory area conditional on the use of 
the first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, comprising a routine of 
inputting the system code from the integrated circuit; a routine of referring to a 
registerable system code list indicating the system code given to the first service 
provider which can provide service by the same integrated circuit as the second service 
provider and judging whether the input system code is indicated in the registerable 
system code list; and a routine of outputting to the integrated circuit a module 
including second area management data issued by a memory area operation unit 
managmg execution of the program and encrypted by the memory area operation unit 
by using the distribution key data and further encrypted by the first service provider by 
using the first area management key data when it judges that the input system code is 
indicated in the registerable system code list. 

Further, a program according to a tenth aspect of the present invention is a 
program for making a computer execute processing for writing file data to a second 
memory area of an integrated circuit having a first memory area wherein at least one of 
a write operation and rewrite operation of file data used for providing a first service is 
authorized conditional on use of first area management key data and a second memory 
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area wherein at least one of a write operation and rewrite operation of file data used for 
providing a second service is authorized conditional on use of second area 
management key data, comprising making the computer execute a routine of 
outputting to the integrated circuit file key data which is issued by a second service 
provider, used at the time of writing the file data in a tliird memory area, and encrypted 
by a third area management data when a plurality of third memory areas are defined in 
the second memory area, a third memory management key data used for performing at 
least one of a write operation to a third memory area and a rewrite operation in the 
third memory area is defined for each of the pliurality of third memory areas, and the 
integrated circuit stores the third area management key data and a routine of writing 
file data used for providing the second service in the second memory area of the 
integrated circuit by using the file key data. 

Further, a data processing method according to an eleventh aspect of the 
present invention is a data processing method for performing processing for writing 
file data to a second memory area of an integrated circuit having a first memory area 
wherein at least one of a write operation and rewrite operation of file data used for 
providing a first service is authorized conditional on use of first area management key 
data and a second memory area wherein at least one of a write operation and rewrite 
operation of file data used for providing a second service is authorized conditional on 
use of second area management key data, comprising a routine of outputting to the 
integrated circuit file key data which is issued by a second service provider, used at the 
time of writing the file data in a third memory area, and encrypted by a third area 
management data when a plurality of third memory areas are defined in the second 
memory area, a third memory management key data used for performing at least one 
of a write operation of data to a third memory area and a rewrite operation of data in 
the third memory area is defined for each of the plurality of third memory areas, and 
the integrated circuit stores the third area management key data and a routine of 
writing file data iised for providing the second service in the second memory area of 
the integrated circuit by using the file key data. 

BRffiF DESCRIPTION OF THE FIGURES 
FIG. 1 is a view of the overall configuration of a communication system 
according to an embodiment of the present invention; 
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FIG. 2 is a block diagram showing the functions of the IC card shown in FIG. 

1; 

FIG. 3 is a block diagram explaining how data is stored in a memory of the IC 
card shown in FIG. 2 after issuance by an IC card issuer and before processing by a 
5 card memory area operator 22; 

FIG. 4 is a block diagram showing the functions of an issuer communication 
apparatus 1 1 shoAvn in FIG. 1 ; 

FIG, 5 is a block diagram showing the functions of an operator communication 
apparatus 12 shown in FIG, 1; 
1 0 FIG. 6 is a block diagram of the functions of a memory area division 

registration apparatus 14 shown in FIG. 1; 

FIG. 7 is a block diagram showing the functions of an operation file 
Q registration apparatus 15 shown in FIG. 1; 

FIG. 8 is a flowchart explaining the overall operation of the conununication 
m 15 system shown in FIG. 1 ; 

^ FIG. 9 is a flowchart explaining the package data generation processing of step 

O STl shown in FIG. 8; 

O FIG. 1 OA, FIG. 1 OB, and FIG. 1 OC are views explaining package data Pf and 

HI 20 FIG. 1 1 is a flowchart explaining the delivery and setting of a memory area 

rd division apparatus at step ST2 shown in FIG. 8; 

FIG. 12 is a view explaining first issued data; 

FIG. 13 is a flowchart explaining what follows the setting of the memory area 
division registration apparatus 14 at step ST3 shown in FIG- 8; 
25 FIG. 14A is a view explaining an area code acquisition request; 

FIG. 14B is a view explaining an apparatus code list; 

FIG. 14C is a view explaining an area management code hst; 

FIG. 15A is a view explaining a registerable system code list; 

FIG. 15B is a view explaining area registration permission data; 
30 FIG. 16 is a view explaining data stored in the memory of the memory area 

division apparatus after completing step ST3 shown in FIG. 8; 

FIG. 17 is a view explainmg what follows the setting of an operation file 
registration apparatus at step ST4 shown in FIG. 8; 
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FIG. 18 is a view explaining how data is stored in the operation file registration 
apparatus after completing step ST4 shown in FIG. 8; 

FIG. 19A and FIG. 19B are views explaining file registration permission data; 

FIG. 20 is a flowchart explaining memory area division processing of the IC 
card by the memory area division apparatus performed at step ST5 shown in FIG. 8; 

FIG. 21 is a flowchart continued fi-om FIG. 20; 

FIG. 22 is a view explaining a state after dividing the memory area of the IC 

card; 

FIG. 23 is a view explaining a state after defining an area ("AREA") in the 
memory area of the IC card; 

FIG. 24 is a view explaining registration processing of file data to the IC card 
by the operation file registration ^paratus performed at stq> ST6 shown in FIG. 8; 

FIG. 25 is a view explaining the memory area of the IC card after the 
registration of the file data; 

FIG. 26 is a block diagram explaining division of a memory space in an IC 
card system explained with reference to an embodiment of the present invention; 

FIG. 27 is a block diagram showing the IC card system shown in FIG. 26; 

FIG. 28 is a simplified diagram explaining the memory space of the IC card 
shown in FIG. 26; 

FIG. 29 is a simpUfied diagram of the memory space after division; 

FIG. 30 is a simplified diagram explaining pre-processing of rejection 
processing in the IC card system shown in FIG. 26; 

FIG. 3 1 is a simplified diagram explaining processing continued firom the 
processing in FIG. 30; 

FIG. 32 is a simplified diagram explaining processing continued from the 
processing in FIG. 3 1 ; and 

FIG. 33 is a simplified diagram explaining registration processing in the IC 
card system shown in FIG. 26. 

DETAIL.ED DESCRIPTION OF THE INVENTION 
Below, the best mode for carrying out the present invention will be explained 
with reference to the attached drawings. 
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FIG. 1 is a view of the overall configuration of a communication system 1 
according to an embodiment of the present invention. 

As shown in FIG. 1, the communication system 1 comprises, for example, an 
issuer communication apparatus 1 1 to be used by an IC card issuer 21, an operator 
communication apparatus 12 to be used by a card memory area operator 22, a 
manufacturer communication apparatus 13 to be used by an apparatus manufacturer 
23, and a memory area division registration apparatus 14 and an operation file 
registration apparatus 15 to be used by a card memory area user 24. 

In the conmiunication system 1, when the IC card issuer 21 issues an IC card 
16 to a card holder 26, it registers file data related to the services provided by the card 
memory area user 24 in the IC card 16 based on predetermined conditions so that the 
card holder 26 can receive services from both the IC card issuer 21 and the card 
memory area user 24 by using a single IC card 16. 

As shown in FIG. 1 , in the communication system 1, the issuer communication 
apparatus 1 1, ttie operator communication apparatus 12, the manufacturer 
conraiunicafion apparatus 13, the memory area division registration apparatus 14, and 
the operation file registration apparatus 15 are connected via a network 17. 

In FIG. 1, the IC card issuer 21 issues the IC card 16 and provides its own 
services for the IC card 16. 

The card memory area operator 22 receives a request fi-om the IC card issuer 
2 1 and provides the card memory area user 24 a memory area that the IC card issuer 
21 does not use in the memory area of the memory (semiconductor memory) in the IC 
card 16 issued by the IC card issuer 21 . 

The apparatus manufacturer 23 receives a request fi-om the card memory area 
operator 22, produces the memory area division registration apparatus 14, and delivers 
the same to the card memory area user 24. 

The card memory area user 24 issues a request to the card memory area 
operator 22 and provides its own services for the memory area of the IC card 16. 

The card holder 26 is issued the IC card 16 by the IC card issuer 21 and 
receives the services provided by the IC card issuer 21 . When the card holder 26 
wants to receive services provided by the card memory area user 24 after the issuance 
of the IC card 16, it is possible to store file data related to the services of the card 
memory area user 24 in the IC card 16. The file data is stored by using the memory 
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area division registration apparatus 14 and the operation file registration apparatus 15 
to receive the services of the card memory area user 24. 

Because the single IC card 16 includes the services of the IC card issuer 21 
and the card memory area user 24, the communication system 1 is configured so that it 
is difficult for an unauthorized person to iUicitly write and rewrite data in a memory 
area where the file data related to the services of the IC card issuer 21 and the card 
memory area user 24 is stored. 

Note that in FIG. 1, there is only one IC card issuer 21, card memory area user 
24, and card holder 26 shown in the example. The present invention, however, can be 
used with one or more IC card issuer 21, card memory area user 24, and card holder 
26. 

Also, the correspondence of the components of the present embodiment and the 
components of the claims is, for example, that the IC card issuer 21 and the issuer 
communication apparatus 1 1 correspond to the first service provider of the present 
invention. Furthermore, the card memory area user 24 corresponds to the second 
service provider of the present invention. The operator communication apparatus 12 
and the card memory area operator 22 correspond to the memory area operator of the 
present invention. 

Also, the area management key data K_AM_(i) corresponds to the first area 
management key data of the present invention and the area management key data 
K AM F corresponds to the second area management key data of the present 
invention. 

Furthermore, the IC card 16 corresponds to the portable device provided with 
an integrated circuit of the present invention. 

Note that in the present embodiment, the IC card 16 is shown as an example of 
the portable device of the present invention. However, the portable device of the 
present invention may also be a portable telephone device, portable information 
terminal apparatus, or other similar devices, provided with an IC (integrated circuit). 

Also, package data Pf corresponds to the fu-st module of the present invention, 
while package data Pj corresponds to the second module of the present invention. 

Also, an uppermost area AREA MU (i) corresponds to a first memory area of 
the present invention, while an uppermost area AREA_MU_F corresponds to a second 
area memory area of the present invention. Also, a lower layer of the area AREA of 

418827/D/2 CP0B02_ tA 



the uppermost area AREA_MU_F corresponds to the third memory area of the present 
invention. 

First, the components of the communication system 1 shown in FIG. 1 will be 
explained. 

5 Referring to FIG. 2, a block diagram shows the functions of the IC card 1 6 of 

FIG, 1. 

In FIG. 2, the IC card 16 comprises, for example, an input/output interface 3 1 , 
a memory 32, and a processor 33. 

The input/output interface 31 ,is an interface for inputting/outputting data and 
1 0 requests by a non-contact mefeod or a contact method between the memory area 

division registration apparatus 14 and the operation file registration apparatus 15 when 
mounted in the memory area division registration apparatus 14 and the operation file 
registration apparatus 15, respectively. 

The memory 32 is for example a semiconductor memory which stores data 
15 related to services provided by the IC card issuer 21, the card memory area user 24 and 
data related to an operation by the card memory area operator 22 as discussed below. 
The processor 33 performs processing related to the fimctions of the IC card 

16. 

FIG. 3, is a view explaining how data is stored in the memory 32 of the IC card 
^ 20 16 shown in FIG. 2 after the issuance of the IC card 1 6 by the IC card issuer 2 1 , and 
PJ before operation processing by the card memory area operator 22. 

As shown in FIG. 3, the memory 32 stores a system code SYSC_(i) assigned to 
the IC card issuer 21 and system key data SYS_K_(i) linked with the system code 
SYSC_(i). 

25 Also, as shown in FIG. 3, the memory 32 for example has a hierarchical 

structure wherein the uppermost memory area AREA_MU_(i) is the uppermost layer 
and a plurality of areas AREA_(i) are defined as lower layers thereof An area 
AREA_(i) may be fiulhermore defined as a lower layer of the area AREA shown in 
FIG. 3. 

30 The uppermost area management key data K_MU_(i) is assigned to the 

uppermost memory area AREA_MU_(i). 

The areas AREA_(i) are assigned the area management code AMC_{!) and area 
management key data K_AM_(i). 
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Also, a plurality of file data FILE (i) for performing processing related to 
services provided by the IC card issuer 21 are set (stored) in the area AREA Ji). 

Also, in correspondence to the file data FILE_(i), the memory 32 stores service 
codes SC_(i) assigned to services provided by using the file data and file management 
key data K_FM_(i) used for setting the file data FILE_(i). 

Referring to FIG. 4, a block diagram shoves the functions of the issuer 
communication apparatus 11 of FIG. 1. 

As shown in FIG. 4, the issuer communication apparatus 1 1 comprises for 
example a conununication interface 41, a memory 42, and a processor 43. 

The issuer communication apparatus 1 1, as shown in FIG. 3, performs 
processing for encrypting the package data Pf received fi^om the operation 
communication apparatus 12 by using the system key data SYS_K_(i) stored in the 
memory 32 of the IC card 16 in a secured state (secret state) so as to generate the 
package data Pj as will be explained later. 

Note that the system key data SYS_K_(i) is known only by the IC card issuer 
21 and kept secret fi*om the card memory area operator 22, the apparatus manufacturer 
23, and the card memory area user 24 shown in FIG. 1 . 

The communication interface 41 is an interface for sending/receiving data with 
the operation conununication apparatus 12 via the network 17. 

The memory 42 stores the data shown m FIG. 3, which is stored in the IC card 
16 issued by the IC card issuer 21. 

The processor 43 performs processing operations (generation of Pj) related to 
the lending of the memory 32 with the operation communication apparatus 12 as will 
be explained later. 

Referring to FIG. 5, a block diagram shows the fiinctions of the operator 
commimication apparatus 12 of FIG. 1. 

As shovm in FIG. 5, the operator conununication apparatus 12 comprises, for 
example, a communication interface 51, a memory 52, and a processor 53. 

The operator conmiunication apparatus 12 manages a variety of processing for 
lending a memory area of the memory 32 of the IC card 16 to the card memory area 
user 24. 
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The communication interface 51 is an interface for sending/receiving data 
between the issuer communication apparatus 1 1, the memory area division registration 
apparatus 14, and the operation file registration apparatus 15 via the network 17. 

The memory 52 stores a system code SYSC_F related to a new memory area to 
be formed by dividing the memory area of the memory 32 and system key data 
SYS_K_F corresponding to the system code SYSC F etc. Also, the memory 52 stores 
division key data K_D. 

The processor 53 performs various processing operations for lending a memory 
area of the memory 32 to the card memory area user 24 as will be explained later. 

Referring to FIG. 6, a block diagram shows the functions of the memory area 
division registration ^paratus 14 of FIG. 1. 

The memory area division registration apparatus 14 is for example provided to 
a store etc. of the card memory area user 24. Note that the memory area division 
registration apparatus 14 may also be provided at a store or similar location of the 
operator communication apparatus 12. 

Also, the memory area division registration apparatus 14 is produced by the 
apparatus manufacturer 23 and delivered to the card memory area user 24. 

As shown in FIG. 6, the memory area division registration apparatus 14, for 
example, comprises a communication interface 61, a card interface 62, an operator 63, 
a memory 64, and a processor 65. 

The communication interface 61 is an interface for sending/receiving data with 
the operator communication apparatus 12 via the network 17. 

The card interface 62 is an interface connected to the input/output interface 3 1 
of the IC card 16 shown in FIG. 2 which inputs/outputs data and requests from/to the 
input/output interface 3 1 when the IC card 16 is moimted in the memory area division 
registration apparatus 14. 

The operator 63 is used, for example, when the card holder 26, who visited a 
store of the card memory area user 24, inputs an instruction. 

The memory 64 stores data required for processing of the processor 65. 

The processor 65 performs processing for dividing the memory area of memory 
32 to form a memory area for writing file data related to the services of the card 
memory area user 24. 
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Referring to FIG. 7, a block diagram shows the fiinctions of the operation file 
registration apparatus 15 of FIG. 1. 

The operation file registration apparatus 15 is, for example, provided at a store 
or similar location of the card memory area user 24. 
5 As shoAvn in FIG. 7, the memory area division registration apparatus 14 for 

example comprises a communication interface 71, a card interface 72, an operator 73, 
a memory 74, and a processor 75. 

The communication interface 71 is an interface for sending/receiving data with 
the operator communication apparatus 12 via the network 1 7. 
1 0 The card interface 72 is an interface connected to the input/output interface 3 1 

of the IC card 16 shown in FIG. 2 which inputs/outputs data and requests to/fi-om the 
input/output interface 31 when the IC card 16 is mounted in the operation file 
registration ^paratus 15. 

The operator 73 is used by a card holder 26, who visits a store of the card 
1 5 memory area user 24, to input an instruction. 

The memory 74 stores data required for processing of the processor 75. 

The processor 75 performs processing for writing file data, related to the 
services provided by the memory area division registration apparatus 14, in the 
memory area divided by the above memory area division registration apparatus 14. 
20 Below, an example of the operation of the communication system 1 shown in 

FIG. 1 will be explained. 

First, an outline of the overall operation of the communication system shown in 
FIG. 1 will be explained. 

FIG, 8 is a flowchart for explaining the overall operation of the commimication 
25 system 1 shown in FIG. 1. 

StepSTl: 

The operator communication apparatus 12 generates package data Pf including 
a system code SYSC__F used at the time of dividing the memory area of the memory 
32 of the IC card 16 and uppermost area management key data K MU F, encrypts it 
30 by division key data K_D and sends it. The issuer communication apparatus 1 1 
encrypts the package data Pf by using the system key data SYS_K_(i) to generate 
package data Pj, which is sent to the operator communication apparatus 12. 

The package data Pj is held by the operator communication apparatus 12. 
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Step ST2: 

The memory area division registration apparatus 14 is delivered from the 
apparatus manufacturer 23 to the card memory area user 24. 

Also, the system code SYSC_(i) and the package data Pj, etc. are sent from the 
operator communication apparatus 12 to the memory area division registration 
apparatus 14 and stored in the memory area division registration apparatus 14. 

Step ST3: 

A registerable system code list RPSL and area registration permission data 
INF^ARP are sent from the operator communication apparatus 12 to the memory area 
division registration apparatus 14 and stored in the memory area division registration 
apparatus 14. 

The registerable system code list RPSL includes a system code of the IC card 
16 to which file data of services related to the card memory area user 24 can be 
registered by using the memory area division registration apparatus 14. 

The area registration permission data INF_ARP is used for registering an area 
AREA F defined in a new memory area obtained by dividing the memory area of the 
IC card 16. 

Step ST4: 

The area management key data K_QM_F is provided by a secured path from 
the operator communication apparatus 12 to the operation file registration apparatus 
15. 

Here, the area management data K_AM_F is used at the time of writing file 
data in one or more areas AREA F defined in the new memory area formed by 
dividing the memory area of the IC card 16. 

Also, file registration permission data FRP is generated in the operation file 
registration apparatus 15. 

Step ST5: 

For example, when the card holder 26 loads the IC card 16 in the memory area 
division registration apparatus 14, the memory area division apparatus divides the 
memory area of the memory 32 of the IC card 16 by performing predetermined 
processing to define a memory area used by the IC card issuer 21 (the uppermost area 
AREA_MU__(i) shown in FIG. 3) and a new memory area used by the card memory 
area user 24 (the uppermost area management key data area MU F). 
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step ST6: 

When the card holder loads the IC card 16 in the operation file registration 
apparatus 15, file data related to the service provider provided by the card memory 
area user 24 is written by using the file registration permission data FRP into the new 
memory area defined at step ST5. 

As a result, the card holder 26 can receive services fi-om both the IC card issuer 
21 and the card memory area user 24 by using a single IC card 16. 

Below, each of the steps shown in FIG. 8 will be explained in detail by using a 
flowchart. 

First, package data generation processing of the step STl shown in FIG, 8 will 
be explained. 

FIG. 9 is a flowchart for explaining the processing. 
Step ST21: 

The processor 53 of the operator communication apparatus 12 shown in FIG. 1 
and FIG. 5, as shown in FIG. lOA, divides the memory area of the memory 32 and 
generates the package data Pf including the system code SYSC_F of the uppermost 
area AREA_MU_F and the corresponding system key data S YS_K_F. 

Step ST22: 

The processor 53 of the operator communication apparatus 12, as shown in 
FIG. 1 OB, encrypts the package data Pf generated at step STl by using division key 
data K_D read from the memory 52. 

Step ST23: 

The package data Pf generated at step ST22 is sent to the issuer communication 
apparatus 1 1 via the communication interface 51 of the operator conmnmication 
apparatus 12 and the network 17. 

The package data Pf is received by the communication interface 41 of the 
issuer conmiunication apparatus 1 1 shown in FIG. 4. 

Step ST24: 

The processor 43 of the operator communication apparatus 1 1 shown in FIG. 4 
generates the package data Pj. The package data Pj includes the division block number 
data for defining a memory capacity of the memory area requested to be operated by 
(lent to) the card memory area operator 22 in memory 32 and the package data Pf 
received at step ST23, 
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Step ST25: 

The processor 43 of the issuer communication apparatus 1 1 encrypts the 
package data Pj generated at step ST24 by the uppermost area management key data 
K_MU_(i) read from the memory 42. 
5 Step ST26: 

The processor 43 of the issuer communication apparatus 1 1 sends to the 
operator communication apparatus 12 the system code SYSC_(i), rejection 
information RI_(i), and the package data Pj encrypted at step ST25 via the 
commimication interface 41 and the network 17. 
1 0 These are received by the conmiunication interface 5 1 of the operator 

communication apparatus 12 shown in FIG. 5. 

Here, the rejection information RI_(i) is the information that specified which 
parties services are rejected by the IC card issuer 21 when using the same IC card 16. 

Step ST27: 

15 The processor 53 of the operator communication apparatus 1 2 shown in FIG. 5 

writes in the memory 52 the system code SYSC_(i), the rejection information RI_(i), 
and the encrypted package data Pj received at step ST26. 

Next, delivery and setting of the memory area division registration apparatus 
14 at step ST2 shown in FIG. 8 will be explained. 
20 FIG. 11 is a flowchart for explaining the processing. 

StepST31: 

The card memory area user 24 orders the memory area division registration 
apparatus 14 from the card memory area operator 22. 
Step ST32: 

25 When the card memory area operator 22 receives the order at step ST3 1 , it 

issues an apparatus code AC (registration machine code) to the memory area division 
registration apparatus 14 to be delivered to the card memory area user 24 and notifies 
the card memory area user 24 of same. 
Step ST33: 

30 The card memory area user 24 uses the apparatus code AC notified at step 

S 132 to request delivery of the memory area division registration apparatus 14 to the 
apparatus manufacturer. 
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The above steps ST31 to ST33 are perfomied by using a personal computer of 
the card memory area user 24, telephone, and mail. 
Step ST34: 

The apparatus manufacturer 23 inquires about the legitimacy of the apparatus 
5 code AC to the card memory area operator 22 when needed in accordance with the 
delivery request received at step ST33 and delivers the memory area division 
registration apparatus 14, storing the apparatus code AC, to the card memory area user 
24. 

Step ST35: 

1 0 When the card memory area operator 22 receives, for example, a dehvery 

completion notice of the memoiy area division registration apparatus 14 from the card 
memory area user 24, it reads the system code SYSC_(i), the encrypted package data 
Pj, and first issuance data INFl from the memory 52 under the control of the 
processor 53 of the operator communication apparatus 12 shown in FIG. 5 and sends 
15 ^e same to the memory area division registration apparatus 1 4 via the communication 
interface 51 and the network 17. 

The data is received by the communication interface 61 of the memory area 
division registration apparatus 14 shown in FIG, 6. 

Here, the first issuance data INF_1 is, for example, as shown in FIG. 12, data 
20 obtained by encrypting module data including the uppermost area management data 
K_MU_F and the system code SYSC_F by the upper most area management key data 
K_MU_F. 

Step ST36: 

The processor 65 of the memory area division registration apparatus 14 shown 
25 in FIG. 6 writes in the memory 64 the system code SYSCJi), the encrypted package 
data Pj, and the first issuance data information INF_1 received at step ST35. 

Next, a continuation of the setting of the memory area division registration 
apparatus 14 at step ST3 in FIG. 8 will be explained. 

FIG. 13 is a flowchart for explaining the processing. 
30 StepST41: 

The card memory area user 24 operates the operator 63 of the memory area 
division registration apparatus 14 shown in FIG. 14 to input an area management code 
acquisition instruction. Due to this, an area management code acquisition request 
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REQ_AMC shown in FIG. 14A is sent to the operator communication apparatus 12 vi; 
the communication interface 61 and the network 17. 

The area management code acquisition request is received by the 
commimication interface 51 of the operator communication apparatus 12 shown in 
FIG. 5. 

As shown in FIG, 14A, the area management code acquisition request 
REQ_AMC indicates the apparatus code AC, rejection information RI_F, number of 
registration areas, number of blocks of each of the registration areas, and number of 
service codes. 

Here, the apparatus code AC is notified to the card memory area user 24 from 
the card memory area operator 22 at step ST32 shown in FIG. 1 1 . 

The rejection information RI F is the information for specifying a party for 
which provision of services using the same IC card 16 is rejected by the IC card issuer 
2L 

The number of registration areas is the number of areas AREA__F that the card 
memory area user 24 desires to use for storing file data relating to its own services and 
is defined after division of the memory 32 of the IC card 16. 

The number of blocks of each of the registration areas is the number of blocks 
assigned to the area, AREA. 

The number of ser\ace codes is the nimiber of service codes which the card 
memory area user 24 desires to use for storing file data relatmg to its own services. 

Step ST42: 

When the processor 53 of the operator communication apparatus 12 shown in 
FIG. 5 receives the area management code acquisition request at step ST41, it 
generates an apparatus code list MCL and an area management code list ACL and 
stores the same in the memory 52. 

The apparatus code list ACL indicates, as shown in FIG. 14B, the apparatus 
code AC assigned to the memory area division registration apparatus 14, the area 
management code AMC_F (application code) assigned to one or more areas AREA 
defined in the memory management area divided by the memory area division 
registration apparatus 14, and the rejection information RI F received at step ST41 in 
correspondence. 
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Furthermore, the area management code Hst AMCL is, as shown in FIG. 14C, 
generated for every area management code AMC_F (application code) indicated by the 
apparatus code list ACL in FIG. 14B and indicates the area management code AMC_F 
(application key), the area management key data K_AM F corresponding to the 
corresponding area AREA F, and file data written in the area, AREA F. 

Step ST43: 

The processor 53 of the operator conmiunication apparatus 12 shown in FIG. 5 
uses the same IC card 16 as that of the card memory area user 24 to specify the IC card 
issuer 21, which can provide services based on the rejection information RI_(i) stored 
in the memory 52 at step ST27 shown in FIG. 9 and the rejection information RI_F 
stored at step ST41. 

Step ST44: 

The processor 53 of the operator conMnunication apparatus 12 uses the system 
code assigned to the IC card issuer 21 specified at step ST43 to generate a registerable 
system code list RPSL. 

The registerable system code list RPSL indicates, as shown in FIG. 15 A, the 
apparatus code AC assigned to the memory area division registration apparatus 14 and 
the system code SC assigned to one or more IC card issuers 21 specified at step ST43 
in correspondence. 

Step ST45: 

The processor 53 of the operator communication apparatus 12 encrypts the area 
management code list AMCL generated at step ST42 and shown in FIG. 14C by the 
uppermost area management key data K_MU_F to generate area registration 
permission data HMF ARP. 

Step ST46: 

The processor 53 of the operator communication apparatus 12 sends the 
registerable system code list RPSL and the area registration permission data INF^ARP 
generated at step ST45 to the memory area division registration apparatus 14 via the 
communication interface 51 and the network 17, 

These are received by the communication interface 61 of the memory area 
division registration apparatus 14 shown in FIG. 6. 
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Step ST47: 

The processor 65 of the memory area division registration apparatus 14 shown 
in FIG. 6 stores the registerable system code Hst RPSL and the area registration 
permission data INF ARP received at step ST46 in the memory 64. 

At the stage of completing the above steps up to the step ST3 shown in FIG. 8, 
the memory 64 of the memory area division registration apparatus 14 stores, as shown 
in FIG. 16, the encrypted package data Pj shown in FIG. IOC, the encrypted first 
issuance data INF l shown in FIG. 16, the registerable system code list RPSL shown 
m FIG. 15 A, and the encrypted area registration permission data INF_ARP shown in 
FIG. 15B. 

Next, a continuation of the setting of the operation file registration apparatus 15 
of step ST4 shown in FIG, 8 will be explained. 

FIG. 17 is a flowchart for explaining the processing. 
Step ST51: 

The processor 53 of the operator communication apparatus 12 shown in FIG. 5 
sends the area management key data K_AM_F issued at the time of generating the 
apparatus code list ACL at step ST42 shown in FIG. 13 via the conununication 
interface 51 and the network 1 7 to the operation file registration apparatus 15 or uses 
other means to notify the card memory area user 24. 

Step ST52: 

The processor 53 of the operator communication apparatus 12 sends the area 
management code AMC F issued at the time of generating the above apparatus code 
list ACL and the service code SC via the communication interface 51 and the network 
17 to the operation file registration apparatus 15. 

Step ST53: 

The processor 53 of the operator commimication apparatus 12 shown in FIG. 7 
generates, as shown in FIG. 19A, the file registration pemiission data FRP indicating 
the service codes SC and the file management key data K FM F determined by the 
card memory area user 24 in accordance with the service code SC for one or more the 
service codes SC received at step ST52. 

Step ST54: 

The processor 53 of the operator commimication apparatus 12 shown in FIG. 7 
encrypts the file registration permission data FRP generated at step ST53 by using the 

418827/iy2 CP0B02_ 25 



area management key data K__AM_^F received at step ST51 and stores the same in the 
memory 52 as shown in FIG. 19B. 

At the stage of completing the above processing up to the step ST4 shown in 
FIG. 8, the memory 52 of the operation file registration apparatus 15 stores, as shown 
in FIG. 18, the area management code AMC_F, the area management key data 
K_AM_F, and the encrypted file registration permission data FRP shown in FIG. 19B. 

Next, the memory area division processing of the IC card 1 6 by the memory 
area division registration apparatus 14 performed at step ST5 shown in FIG. 8 will be 
explained. 

FIG. 20 and FIG. 21 are flowcharts for explaining the processing. 
Step ST61: 

The IC card holder 26 visits a store of the card memory area user 24 carrying 
the IC card 1 6 and loads the IC card 16 in the memory area division registration 
apparatus 14. 

Subsequently, the system code SYSC_(i) stored in the memory 32 of the IC 
card 16 is read and output to the memory area division registration apparatus 14 via the 
input/output interface 31. 

The system code SYSC_(i) is input to the card interface 62 of the memory area 
division registration apparatus 14 shown in FIG. 6. 

Step ST62: 

The processor 65 of the memory area division registration apparatus 14 shown 
in FIG. 6 reaxis fi-om the memory 64 the package data Pj and the first issuance data 
INF_1 corresponding to the system code SYSC_(i) input at step ST61. 

StepST63: 

The processor 65 of the memory area division registration apparatus 14 outputs 
to the IC card 16 the encrypted package data Pj and first issuance data INF^l read at 
step ST62 via the card interface 62. 

Step ST64: 

The processor 33 of the IC card 16 shown in FIG. 2 first uses the uppermost 
area management key data K_MU_(i) to decrypt the package data Pj input at step 
ST62 to obtain division condition information included in the package data Pj and the 
encrypted package data Pf 
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Next, the processor 33 uses the division key data K_D to decrypt the package 
data Pf to obtain the system key data SYS_K_F and the uppermost area management 
key data K_MU_F included in the package data P£ 

Step ST65: 

5 The processor 33 of the IC card 16 encrypts by using the system key data 

SYS_K_F and the uppermost area management key data K_MU F to generate 
degenerate key data K_A1, performs mutual authentication with the memory area 
division registration apparatus 14 by using the degenerate key data K_A1, and 
proceeds to the processing of step ST66 when both of the IC card 16 and the memory 

10 area division registration apparatus 14 confirm the legitimacy of each other. 

In the above mutual authentication, for example, the memory area division 
registration apparatus 14 encrypts by using the system key data SYS_K_F and the 
uppermost area management key data KJV[U_F to generate degenerate key data 
K_A2. Then, the memory area division registration apparatus 14 generates a random 

1 5 number Rl and encrypts the random number Rl by using the degenerate key data 

K_A2 to generate data Rla. Then, the memory area division registration apparatus 14 
outputs the random number Rl and the data Rl a to the IC card 1 6. The IC card 1 6 
verifies whether the data obtained by decrypting the data Rla using the degradation 
data K Al matches with the random number Rl and, when it matches, certifies that 

20 the memory area division registration apparatus 14 is the legitimate party. Also, by 
processing data using the random number generated by the IC card 16, the memory 
area division registration apparatus 14 certifies that the IC card 16 is the legitimate 
party. 

Step ST66: 

25 The processor 33 of the IC card 16 shown in FIG. 2 divides the memory area of 

the memory 32 and, as shown in FIG. 22, forms the uppermost area AREA_MU_(i) 
assigned to the IC card issuer 21 and the uppermost area AREA^MU^F assigned to the 
card memory area user 24. 
Step ST67: 

30 The processor 33 of the IC card 16 stores (sets) the uppermost area 

management key data K MU F in correspondence with the uppermost area 
AREA_MU_F of the memory 32. 
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Step ST68: 

The processor 33 of the IC card 16 uses the uppermost area management key 
data K MU F, stored at step ST67, to decrypt the first issuance data INF_1 shown in 
FIG. 12 and input at step ST63. 
5 Step ST69: 

The processor 33 of the IC card 16 stores in the memory 32 the system code 
SYSC F included in the first issuance data ENF_1 obtained by decrypting the data at 
step ST68. 

Step ST70: 

1 0 The processor 65 of the memory area division registration apparatus 14 judges 

whether the system code SYSC_(i) received fi-om the IC card 16 at step ST61 in FIG. 
2 is included in the registerable system code hst RPSL shown in FIG. 15 A stored in 
J~ the memory 64 at step ST47 in FIG. 13. If the system code is included, the processor 

65 judges whether the data related to the services provided by the card memory area 
CI 15 user 24 can be registered in the IC card 16 and proceeds to the processing step ST71. 
5 In the communication system 1, as explained at steps ST43 and ST44, based on 

O the rejection information RI__(i) and the rejection information RI__F, an IC card issuer 

O 21 is capable of providing services by using the same IC card 1 6 as that of the card 

^ memory area user 24 to generate the registerable system code list RPSL. 

W 20 As a result, the IC card issuer 21 and the card memory area user 24 can exclude 

jlj an undesirable party fi*om providing services by using the same IC card 16. 

StepST71: 

The processor 65 of the memory area division registration apparatus 14, which 
can be registered at step ST70, outputs to the IC card 16 the encrypted area registration 
25 permission data INF ARP shown in FIG. 15 stored in the memory 64 at step ST47 in 
FIG. 13 via the card interface 62. 

The IC card 16 receives as input data, the encrypted area registration 
permission data INF ARP via the input/output interface 31 shown in FIG. 2. 
As explained above, the area registration permission data INF ARP is 
30 encrypted by the uppermost area AREA_MU_F. 
Step ST72: 

The processor 33 of the IC card 16 shown in FIG. 2 decrypts the encrypted area 
registration permission information INF RP input via the input/output interface 31 at 
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step ST71 by using the uppermost area management key data K_MU_F read from the 
memory 64. 

Step ST73: 

The processor 33 of the IC card 16 shown in FIG. 2 stores the area 
management key code AMC F and the area management key data K_AM_F in the 
area registration permission information INFJRP decrypted at step ST72 in 
correspondence with the uppermost area AREA_MU_F formed at step ST66 in the 
memory 32 as shown in FIG. 23. 

Next, the registration of file data to the IC card 16 by the operation file 
registration ^paratus 15 performed at step ST6 shown in FIG. 8 will be explained. 

FIG. 24 is a flowchart for explaining the processing. 

StepSTSl: 

The IC card holder 26 visits a store of the card memory area user 24 carrying 
the IC card 16 and loads the IC card 16 in the operation file registration apparatus 15. 

Due to this, the processor 75 of the operation file registration apparatus 15 
shown in FIG. 7 sends a file search request including information for specifying the 
card memory area user 24, such as a service code SC or system code S YSC_F, via the 
card interface 72 to the IC card 16. 

Step ST82: 

When the input/output interface 3 1 receives the file search request at step 
ST81, the processor 33 of the IC card 16 shown in FIG. 2 searches whether or not file 
data of services relating to the card memory area user 24 is stored in the memory 32 
based on the above information included in the file search request. 

StepST83: 

When it is judged that the file data of the services relating to the card memory 
area user 24 is not stored in the memory 32 by the file search at step ST82, the 
processor 33 of the IC card 1 6 notifies that the file does not exist to the operation file 
registration apparatus 15 via the input/output interface 31. 

Step ST84: 

When a notice of no file is received at step ST83, the processor 75 of the 
operation file registration apparatus 15 shown in FIG. 7 outputs file registration 
permission data FRP encrypted by the area management key data K AM F shown in 
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FIG. 1 9B stored in the memory 74 at step ST54 shown in FIG. 1 7 via the card 
interface 72 to the IC card 16. 

The IC card 16 shown in FIG. 2 receives as input data, the file registration 
permission data FRP via the input/output interface 31. 

Step ST85: 

The processor 33 of the IC card 16 shown in FIG. 2 decrypts the file 
registration permission data FRP input at step ST84 by using the area management key 
data K_AM_F, uses the file management key data K FM F in the decrypted file 
registration permission data FRP, and writes file management key data K FM F 
related to the service of the card memory area user 24 in the uppermost area 
AREA_MU_F shown in FIG. 23. As a result,-the uppermost area AREA_MU__F 
becomes as shown in FIG. 25. 

Step ST86: 

The processor 33 of the IC card 16 shown in FIG. 2 writes the file management 
key data K_FM_F and the service code SC in the file registration pennission data FRP 
decrypted at step ST85 in correspondence with the file data written at step ST85 in the 
memory 32. 

In the communication system 1 , for example, the card memory area operator 22 
shown in FIG. 1 pays for the cost of receiving the loan of the memory area of the 
memory 32 of the IC card 16 to the IC card issuer 21 for example in units of blocks of 
the memory area. 

Also, the card memory area operator 22 bills the cost for use of part of the 
memory area of the memory 32 of the IC card 16 for the service of the card memory 
area user 24 as a license fee, a service code SC registration use fee, an area AREA 
registration fee, etc. to the card memory area user 24. 

As explained above, according to the communication system 1, when the IC 
card issuer 21 issues the IC card 16 to the card holder 26, file data relating to services 
provided by the card memory area user 24 can be registered in the unused memory 
area of the memory 32 of the IC card 16 based on predetermined conditions. 

As a result, the card holder 26 can receive services of both the IC card issuer 21 
and the card memory area user 24 by using a single IC card 16. 

Also, according to the communication system 1, as explained above, (he 
package data Pj is generated through the processing of the issuer communication 
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apparatus 1 1 by using the Pf generated by the operator communication apparatus 12, 
provided to the IC card 16 via the operator communication apparatus 12 and the 
memory area division registration apparatus 14, and decrypted in the IC card 16. 
Consequently, the system code SYSC_F and the system key data SYS_K_F necessary 
5 for writing the file data to the memory area (uppermost area AREA_MU_F) used by 
the card memory area user 24 can be kept secret from the IC card issuer 21 . Also, 
since the package data Pj is decrypted by using the system key data SYS_K_(i) in the 
IC card 1 6, the system key data S YS_K_(i) necessary for writing the file data to the 
memory area (uppermost area AREA MU F) used by the IC card issuer 21 can be 
1 0 kept secret from the card memory area operator 22 and the card memory area user 24. 

Also, according to the conamunication system I, by respectively defining the 
areas AREA (i) and AREA F in the uppermost area AREA_MU_(i) and the 

O AREA_MU_F and by using the area management data K_AM (i) and K AM F to 

O 

i2 write the file data to the AREA_F, illicit writing to the memory area can be fiirther 

^ 15 prevented, 

M Namely, according to the conmiunication system 1, by dividing the memory 

area of the IC card 16 and keeping secret the key data used for a write operation of 

O data on each of the divided memory areas from xmauthorized persons, unauthorized 

ill 

flJ access to the memory area is prevented. 

20 As a result, it becomes possible for the unused area, which is not used by the 

iU IC card issuer 21 in the memory area of the IC card 1 6, to be safely used by a card 

memory area user 24 other than the IC card issuer 21 and thereby improves the 
convenience of the IC card 16. 

The present invention is not hmited to the above embodiment. 
25 For example, in the above embodiment, setting various data to the memory 

area division registration apparatus 14 and the card memory area user 24 from the 
operator commimication apparatus 12 after dehvering the memory area division 
registration apparatus 14 and operation file registration apparatus 15 to the card 
memory area user 24 was explained. However, the information may be set before 
30 delivering the memory area division registration apparatus 14 and the operation file 

registration apparatus 15 to the card memory area user 24 under the control of the card 
memory area operator 22, 
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Also, an example of configuring the memory area division registration 
apparatus 14 and the operation file registration apparatus 15 as separate apparatuses 
was explained in the above embodiment. However, the apparatuses 14 and 15 may be 
realized as a single apparatus. 

Also, in the above embodiment, an example of setting the memory area 
division registration apparatus 14 and the operation file registration apparatus 15 in a 
store of the card memory area user 24 was explained. The apparatuses 14 and 15 may 
also be set in a store of the operator communication apparatus 12. 

Also, in the above embodiment, exclusive apparatuses were used as the 
memory area division registration apparatus 14 and the operation file registration 
apparatus 1 5, but the apparatuses may be realized by a personal computer, or other 
similar device, of the card memory area user 24 under the condition that it is an 
apparatus having a fimction of keeping secret data in accordance with need. 

Below, an IC card system of an embodiment related to the above 
communication system 1 will be explained. 

(1) Configuration of Embodiment (1-1) Basic Configuration 

FIG. 27 is a block diagram of the configuration of an IC card system according 
to the present embodiment. 

hi FIG. 27, an IC card 3A/3B corresponds to the IC card 16 shown in FIG. 1. 

Also, a card provider 2 corresponds to the card issuer 2 land the issuer 
communication apparatus 1 1 shown in FIG. 1. 

Also, a lending business 5 and a management server 5 A correspond to the card 
memory area operator 22 and the operator communication apparatus 12 in FIG 1. 

Also, an area user 6 corresponds to the card memory area user 24 shown in 

FIG. 1. 

Furthermore, an operation terminal 8 corresponds to the memory area division 
registration apparatus 14 and the operation file registration apparatus 15 shown in 
FIG. 1. 

In the IC card system 101, the card provider 2 issues a non-contact type IC card 
3A/3B fi^e of charge or by purchase by a xiser and performs processmg of for example 
cashing, passage of turnstiles at train stations, etc., by access from the provider 
terminal 4A to 4N by using the IC card 3A/3B. Also, a memory space of the IC card 
3A/3B left over after the above use for a service relating to its own business is lent to a 
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area user 6 desiring to use it by management of the lending business 5 or by its own 
management. Due to this, the IC card system 101 becomes enable of providing a 
variety of services not only to the card provider but to the area user 6 by the IC card 
3Ay3B. Note that in the IC card system 101, a series of processing is executed by a 
5 computer under management of the card provider 2, the lending business 5, the area 
user 6, etc. However, in the explanation belov/, for a simpler explanation and easy 
understanding, the configuration of the IC card system 101 will be explained by 
suitably setting the card provider 2, lending business 5, and area user 6, etc., as main 
components. 

1 0 Namely, in the IC card system 101, a card manufacturer 7 produces the IC card 

3A/3B upon order by the card provider 2 and delivers it to the card provider 2. At this 
time, the IC card 3 A/3B is issued by recording a card code Ccd notified firom the card 
provider 2 and a division processing key notified firom the lending business 5. Here, 
p the card code Ccd is an identification code unique to the IC card 3A/3B and selected 

m 15 by the card provider 2 by a later explained procedure. The division processing key is a 

key unique to the IC card 3A/3B relating to processing for preparing a system area 
O separately. When the card provider 2 entrusts management of empty areas of the IC 

Q card 3A/3B to the lending business 5, the card provider 2 notifies the card code Ccd to 

the lending business 5, pays a license fee, obtains permission firom the lending 
2 20 business 5, and issues the IC card 3A/3B. 

fy On the other hand, the card provider 2 is the entity issuing the IC card 3 A/3B 

and selects the card code Ccd, notifies the same to the card manufacturer 7, and 
receives the IC card 3AJ3B from the card manufacturer 7. Also, when the IC card 
3 A/3B is delivered from the card manufacturer 7, the card provider 2 accesses the IC 
25 card 3 A/3B by an exclusive access apparatus, that is, a reader/writer, and sets the 

services to be usable by the IC card 3A/3B. Here, in the processing, the card provider 
2 sets a system area in the memory space of the IC card 3A/3B by transfer of data 
encrypted by using a predetermined key and sets a user area of a predetermined 
number of blocks (n blocks). 
30 The card provider 2 records data necessary for accessing the user area, data 

necessary for updating the system area, data for specifying records of the system area, 
etc., in the system area and records files necessary for services expected to be provided 
in the user area. 
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Namely, the card provider 2 records area management information indicating 
the recording positions of the files and not recorded areas in units of block in the 
system area and enables access to desired files requested from an external apparatus by 
the area management information. Also, a file key for encrypting processing 
corresponding to the files, an application key applied to one service by a plurality of 
files, an area management key as a key for releasing encrypting corresponding to the 
card provider 2, and a system key for encrypting processing of all data to be 
input/output are recorded. As a result, in the blocks of the user area set in the IC card 
3A/3B, encrypting of data input from the provider terminal 4A and 4B is released by a 
combination of the corresponding system key, the application key, the area 
management key, and the file key so that it is made possible to write in a 
predetermined memory space. 

Also, Hie system key, the area management key, the application key, the area 
management key serving as a key for managing the file key, etc. are recorded. The 
system key etc. is updated only by access using the file management key, the 
application key and the file key. 

Also, application codes unique to the services and a system code for specifying 
recording of the system area are recorded to enable the variety of services provided by 
the IC card 3A/3B to be identified by the ^plication code and system code. Note that 
the IC card 3 Ay3B is configured so that files relating to one service are recorded in 
successive blocks, an address of the head block of the successive blocks is assigned to 
the application code, and thus, corresponding files are recorded in the memory space 
by using the application code as a reference. The files are made accessible by the area 
management information afrer being recorded. 

If the IC card 3A/3B is usable by configuring the system area and user area as 
explained above, the card provider 2 provides the IC card 3 A/3B to the card user for a 
fee or free of charge. Furthermore, when there is an access using the IC card 3A/3B 
from the provider terminals 4A and 4B serving as terminal apparatuses of services 
offered by the card provider 2, a predetermined service is provided. 

Thus, the provider terminals 4A and 4B modulate information to be used for 
transmission by a predetermined carrier in a built-in reader/writer to drive a built-in 
antenna so as to repeatedly emit a call to the IC card 3A/3B at a predetermined cycle. 
Here, when the IC card 3A is held close to the antenna and a response to the call is 
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sent from the IC card 3A, the reader/writer executes processing for mutual 
authentication with the IC card 3 A and judges whether or not mutual data 
communication with the IC card 3A is possible. 

When it is judged by the mutual authentication that mutual data 
communication is possible, the provider terminals 4A and 4B detect a response of the 
IC card 3A/3B to the call using the system code and thereby judge whether it is an IC 
card 3 A/3B having a system area corresponding thereto or not. Furthennore, by 
obtaining a response of the IC card 3A/3B to the call using the system management 
key and the application code, it is judged whether the IC card 3A/3B relates to its own 
service. When judged to be an IC card 3A/3B relating to its own service as explained 
above, the provider terminals 4A and 4B access the user area by transferring encrypted 
data by a combination of the system key, area management key, application key, and 
file key. 

For example when offering a service by electronic money, they execute 
processing for detecting an amount recorded on the IC card 3A, subtracting an amount 
used by the user from the balance and recording this in the IC card 3 A. Also, when the 
card provider 2 issues points for purchases made by the user and offers a variety of 
services in accordance with the points, it executes processing for updating points, 
recorded on the IC card 3 A in accordance with the amount of the purchase by the user. 

The IC card 3A/3B is a non-contact type IC card which starts to operate by 
power induced by the built-in loop antenna and performs processing on a high 
frequency signal induced to the loop antenna by a predetermined signal processing 
circuit so as to receive the call from the reader/writer. The IC card 3A/3B sends a 
response to the call, lurther executes processing for mutual authentication upon request 
from the reader/writer for the response, and thus, judges whether data exchange is 
possible with the reader/writer. 

Furthermore, it transmits a collation result of the system code and application 
code recorded in the system area to the reader/writer in response to a call using the 
system code and application code from the reader/writer and therefore, can execute a 
series of processing only when relating to a service scheduled to be provided by the 
reader/writer. 

As a result, when confirmation is obtained by the reader/writer in this way, the 
IC card 3 A/3B accesses corresponding files in accordance with access using the 
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successively input system key, area management key, application key, and file key and 
thereby executes a series of processing by the file. Also, it secures an area for 
recording the file by updating the system area by gaining access using the area 
management key and the system management key and updates the system area by 
receiving registration of the file key, application code, and application key. 
(1-2) Division of Area 

The card provider 2 yields the management right of the unused areas of the 
memory space of the IC card 3A/3B to the lending business 5 or lends the memory 
space to the area user 6 which desires to use the IC card 3 A/3B by the lending business 
5 while holding the management right in its own hands. As a result, in this IC card 
system 1 01, even a terminal of the area user 6, that is, the operation terminal 8, can use 
services provided by the area user 6. Due to this, services of electronic money, 
ticketing, etc., offered by different businesses can be utilized as desued by the user by, 
for example, the IC card 3A/3B of a commuter's pass. 

Thus, the operation terminal 8 is installed in a store of the user 6, provides 
services relating to an operation by the area user 6, and sets the IC card 3 A/3B to be 
able to use the services of the area user 6 by an operation by the user in addition to the 
provision of these services. 

FIG. 26 is a block diagram of a series of processing in the case of transferring 
the management right of the unused areas therein to the lending business 5. Here, in 
the present embodiment, as shown in FIG. 28, the processing divides an empty area of 
the memory space into a predetermined number of blocks, separately sets a system 
area (hereinafter, referred to as a new system area) formed by setting the manager as 
the lending business in the divided areas in the same way as explained above with 
reference to FIG. 27, and manages the divided areas by the new system area. 

Thus, the lending business 5 records data necessary for forming the new 
system area in the IC card 3A/3B by access to the IC card 3B by the operation terminal 
8 using the system area set by the card provider 2. At this time, the lending business 5 
secures a user area corresponding to the number of blocks authorized by the card 
provider 2. Furthermore, the lending business 5 prevents the secret information of the 
new system area, that is, the system management key, area management key, etc., fi*om 
being kept secret firom a third party including the card provider 2, and thereby makes 
the user area used by the area user 6 unaccessible even by the card provider 2. 
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Therefore, the lending business 5 specifically removes information relating to a 
file to be recorded on the user area and encrypts information comprising the new 
system area. The enciyption is performed by an encrypting key corresponding to a 
division processing key to generate a package Pf and sends the package Pf to the card 
provider 2 together with information specifying the IC card 3 A/3B. Note that the 
information here is prepared by infonnation obtained by removing information related 
to specific services, such as a file key, application key, application code, etc. from 
various information of the above system area explained with reference to FIG. 28 
arranged in a format corresponding to the configuration of the system area. Due to 
this, the lending business 5 keeps the area management key, system management key, 
etc. set in the new system area secret fi-om the card provider 2 and provides 
information used for generating the system area to the card provider 2. 

Subsequently, in the IC card system 101, by inputting/outputting information 
encrypted to enable release of the encrypting by a key for releasing encrypting 
recorded in the system area, that is, the system key, with the first terminal apparatus 
corresponding to the recording of the system area explained with reference to FIG. 28, 
that is, the provider terminal 4A/4B, the IC card 3 A/3B, in which the memory space is 
accessed in accordance with the recording of the system area by the first terminal 
apparatus, is designed to encrypt information of the new system area corresponding to 
the system area to enable release of the encrypting by a predetermined area division 
key recorded in the IC card 3A/3B to generate encrypted information. 

After the predetermined server adds dummy data to the thus notified package 
Pj in accordance with blocks lent to the lending business, the card provider 2 generates 
encrypted information by encrypting the information using the area management key 
and the system key and further encrypting the information by setting the application 
code etc, and system management key etc. so as to record the encrypted information in 
successive predetermined blocks in the memory space by management of the system 
area explained above with reference to FIG. 28. As a result, the card provider 2 
generates a package Pj relating to the same configuration as a data stream sent ft^om 
the provider terminals 4A and 4B when recording a file relating to a predetermined 
application to the blocks lent to the lending business 5 and provides the package Pj 
together with the mutual authentication key and system code to the lending business 5. 
Consequently, the card provider 2 keeps the area management key and system 
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management key etc. of the original system area, which it manages itself, secret from 
the lending business 5 and provides the package Pj generating the new system area and 
a corresponding user area to the lending business 5 together with the mutual 
authentication key etc. 

As a result, the lending business 5 obtains from the card provider 2 the package 
Pj relating to the area setting processing for a predetermined nvimber corresponding to 
the charging processing together with the mutual authentication key etc. by advance 
processing and provides the same to the area user 6 conditional on executing charging 
processing for setting areas at the card provider 2 and obtaining permission from the 
card provider 2. 

As opposed to this, the operation terminal 8 executes processing for mutual 
authentication relating to the new system area with the IC card 3B in the same way as 
the provider terminals 4A and 4B by settings in advance and receives the mutual 
authentication key from the area user 6 and executes processing for mutual 
authentication with the IC card 3B by the mutual authentication key when mutual 
authentication is not obtained. Here, when mutual authentication has been achieved, 
the IC card 3B notifies that fact to the area user 6 since it is an IC card to which a new 
system area is not yet set. 

Accordingly, the area user 6 instructs to secure an area corresponding to the IC 
card 3B by sending the package Pj to the operation terminal 8. Due to the instruction, 
the operation terminal 8 uses the record of the previous system area related to usage of 
the provider terminals 4A and 4B and records information of the package Pj in a 
predetermined area of the IC card 3B. As a result, in the IC card system 101, the IC 
card 3B is made to secure a user area corresponding to the new system area. Also, 
corresponding to the encrypting processing of the package Pf by the card provider 2 at 
this time, it releases encrypting by the system key and area management key set in the 
original system area of the IC card 3B, the records by releasing encr>pting by the 
division processing key and thereby forms the same new system area as the system 
area of the provider terminals 4 A and 4B. 

Also, the system sets the user area to be hard to access even by the card 
provider 2 by various kinds of keys set in the new system area and accordingly can 
completely entrust management of the memory space to the lending business 5. 
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As a result, in the IC card system 101 , by setting the new system area by the 
lending business 5 in the memory space of the TC card 3A/3B and dividing the 
memory space as explained above, the management right of the divided memory space 
is transferred from the card provider 2 to the lending business 5. 

Due to this, in the IC card system lOI, in the same way as execution by the 
card provider 2 by management of the memory space by the original system area using 
the provider terminals 4A and 4B, and by the management of the memory space by the 
new system area using an exclusive terminal apparatus by the lending business 5, the 
lending business 5 can also provide a variety of services by managing the IC card 
3A/3B. 

In the above way, in the IC card system 101, a management computer at the 
card provider 2 side comprises a second encrypting means for further encrypting the 
encrypted infonnation, that is, the package Pj, to enable release of the encrypted 
information by the area management key recorded in the previous system area, to 
generate the second encrypting information, that is, the package Pj. The management 
computer further comprises an input means for an operation terminal 8 to input the 
package Pj to the IC card 3A/3B by access of the IC card 3A/3B corresponding to the 
recording in the first system area, that is, the previous system area, by access of the IC 
card 3A/3B using the mutual authentication key of the provider terminals 4 A and 4B 
by the operation terminal 8. Moreover, the computer releases the encrypted 
information of the package Pj in the IC card 3A/3B and records information of the new 
system area in the memory space of the IC card 3A/3B by access of the IC card 3A/3B 
corresponding to the first terminal apparatus. 

(1-3) Lending of Memory Space 

The lending business 5 lends memory space to the area user 6, which desires to 
use the IC card 3A/3B with respect to the divided memory space, when dividing the 
memory space of the IC card 3A/3B and receiving part of the management right in this 
way or with respect to the entrusted memory space when the lending of the memory 
space is entrusted by the card provider 2 while the card provider 2 keeps the 
management right at its own hands. As a result, in the IC card system 101, even more 
types of businesses can offer a variety of services using the IC card 3A/3B in common. 

In the lending processmg, when the card provider 2 and area user 6 do not 
desire to provide services using a single IC card 3 A/3B in common, the lending 
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business 5 limits the lending of the memory space by rejection processing. Due to 
this, for example, the memory space of the IC card 3A/3B is not lent for a service of a 
certain provider in a rival relationship with the card provider 2. Further, lending 
processing is selectively performed for an IC card 3Ay3B relating to a rate desired by 
the area user 6. Due to this, the area user 6 can reject lending for example for an IC 
card 3 Ay3B at a high lending rate. 

(1-3-1) Registration of Service 

FIG. 30 is a block diagram for explaining pre-processing of the rejection 
processing in the IC card system 101. Namely, in the IC card system 101, the lending 
business 5 obtains from the IC card issuer 21, lending conditions together with the card 
code Ccd as to the IC card 3A/3B entrusted to be lent at the time of requesting 
production of the IC card 3A/3B to the card manufacturer 7 by the card provider 2 etc. 
Here, the lending conditions include rejection conditions of the application (APL), 
price of the area, and expiration date; the rejection conditions of an application include 
sectors and businesses for which lending is rejected and other data specifying services 
(for example, an apphcation code); and the price of the area includes data for 
specifying a fee of one block relating to lendmg. Also, the expiration date is 
composed of data for specifying a lending period. As a result, when lending is rejected 
in this way, for example, prohibiting use of the IC card 3A/3B by rival busmesses may 
be considered. 

The lending busmess 5 records the obtained card code Ccd and the lending 
conditions in a management server 5A and thereby prepares a card code list formed by 
recordmg the card code Ccd and the lending condition of the IC card 3A/3B. 
Furthermore, the lending business 5 approves the card code Ccd for access from the 
card manufacturer 7. 

Furthermore, the lending business 5 has the area user 6, which desires to use 
the IC card 3 A/3B, set the operation terminal 8 and makes the operation terminal 8 
fimction as a registration apparatus so that the area user 6 can register services. The 
area user 6 can access the IC card 3A/3B from the operation terminal 8 and use it for a 
variety of services. 

The lending business 5 records information of the services to be registered 
from the operation terminal 8 in the management server 5A to generate a registration 
machine code list and an apphcation code list shown in FIG. 31 and executes the 
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rejection processing by judgement made by comparing these lists with the card code 
list. 

Namely, when the lending business 5 authorizes the area user 6 to use the IC 
card 3A/3B under a contract formed with the area user 6, it issues an unused 
registration machine code Med to the area user 6 when there is an issuance request of a 
unique registration machine code Med from the area user 6 to the operation terminal 8. 
When issuing the registration machine code Med in this way, the management ser\'er 
5 A records a business code indicating that the operation terminal 8 relating to the 
registration machine code Med is related to the area user 6 and an application (APL) 
code of the services which the operation terminal 8 is scheduled to operate and 
prepares a registration machine code list. Note that when starting a new services of the 
area user 6 by the existing operation terminal 8, this can be dealt with by updating 
Q contents of a correspondmg registration machine code at the time of requesting to 

H obtain the application code related to the new services, 

ffl 15 In the IC card system 101, when the registration machine code Med is notified 

2 from the lending business 5 to the area user 6, as explained above, the area user 6 asks 

O a registration machine manufacturer 1 0 for an operation terminal 8 by the registration 

Q machine code Med. In this case, by the request for permission from the registration 

py machine manufacturer 10, the lending business 5 approves production of the operation 

ffl 20 terminal 8 with the registration machine code Med. Thus, in the IC card system 101, 
^ the registration machine manufacturer 1 0 produces the operation terminal 8 by 

recording the registration machine code Med. Then, the operation terminal 8 is 
delivered to the area user 6, and a license fee is charged in this case. 

In the IC card system 101, for an operation terminal 8 delivered to the area user 
25 6 explained above, when the area user 6 requests issuance of an apphcation code 

relating to the new services by the operation terminal 8, the lending business 5 selects 
an unused apphcation code, notifies the same, and updates contents of the registration 
machine code list by the apphcation code. Furthermore, the number of blocks of the 
IC card 3A/3B relating to lending set by the contract, rejection conditions of the IC 
30 card (rejection conditions of a card code) which the lending business 5 does not desire 
to use, etc. are recorded hi the management server 5 A along with a correspondmg 
apphcation key so as to prepare the apphcation (APL) code list. Note that in FIG. 31, 
the rejection conditions of the card code are records of card codes of the IC.cards 
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which the lending business 5 does not desire to use, specifically, card codes and usage 
fees that are blocked for use. As a result, where a rival business of the area user 6 is 
the card provider 2, a case of a high usage rate, etc. may be considered. 

When preparing a hst in this way, as shown in FIG, 32, the lending business 5 
compares conditions for recording to the card code list with conditions for recording to 
the application code list for every application code and card code and thereby prepares 
a list of registration permission information for registering services to the IC card 
3 A/3B except for combinations of registration of services by the area user 6 which the 
card provider 2 does not desire and combinations of registration of services to the IC 
card 3A/3B which the area user does not desire etc. 

At this time, the lending business 5 sends the registration permission 
information from the operation terminal 8 to the IC card 3 A/3B, records an application 
code and an application key corresponding to the IC card 3 A/3B in the IC card 3A/3B, 
and prepares a list by recording the registration permission information so that the 
number of blocks for recording corresponding files can be secured. Note that when the 
lending business 5 is only entrusted with lending of a memory space, since the area 
management information, system key, and system management key recorded in the 
system area necessary for preparing such registration permission information are 
known only by the card provider 2, information of the application code, application 
key, and number of blocks are notified to the card provider 2 and registration 
information is generated through encryption by the card provider 2. As opposed to 
this, when providing services in a memory space corresponding to the system area by 
registering the information to the system area managed by the lending business, since 
area management information, system key, and system management key recorded in 
the system area are known only by the lending business 5, the registration information 
is generated by processing of the lending business 5 by itself 

When data exchange is started between the operation terminal 8 and the IC 
card 3A/3B in a state where the application registration list is prepared in advance as 
explained above, when the system area relating to the operation terminal 8 is not 
formed in the IC card 3A/3B, the system area is formed and then existence of a record 
of an application code relating to the services of the operation terminal 8 is confirmed 
in the operation terminal 8. Here, when the apphcation code is not recorded in the IC 
card 3 A/3B, it is considered that files relating to the services of the operation terminal 
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8 are not yet registered in the IC card 3 A/3B. At this time, when a plurality of services 
are provided by the operation terminal 8, the operation terminal 8 issues a command to 
the IC card 3A/3B to successively read the application code and detects services which 
are not yet registered from the read application code. Furthermore, existence of 
5 provision of detected services which are not yet registered, is confirmed for the user 
which carries the IC card 3A/3B. If the user desires a service here, the registration 
machine code and service code are notified to the lending business 5 via the area user 
6. 

Furthermore, when searching through the application registration list by using 
10 a search result of the registration machine code list by the registration machine code as 
a reference and recording registration permission infoiraation as a registerable service, 
the registration permission information of the corresponding application is notified 
^ firom the application registration list to the operation terminal 8. On the other hand, 

p when registration permission information of the corresponding application is not 

m 15 registered, since registration is difficult due to tiie above rejection processing, the user 
2 is informed of it via the operation terminal 8, 

P In the IC card system 101, a registration key K used for registering a file 

Q necessary for providing a service is also notified firom the area user at the time of 

if; notifying the registration permission information to the operation terminal 8. The 

TO 20 operation terminal 8 accesses the IC card 3B by the registration permission 
^ information to enable registration of a file and file key relating to a service. Then, by 

accessing the IC card 3B using the registration key K notified fi-om the area user 6, the 
file and corresponding file key relating to the service are registered. Thus, in the IC 
card system 101 , the area user 6 uses the memory space lent from the lending business 
25 5 or the area user 6 uses the memory space lent from the card provider 2 and the lent 
memory space is managed by the file key kept by the area user 6, so a variety of 
services can be provided. 

When the services become available in this way, the operation terminal 8 prints 
a sticker indicating the newly usable service by a built-in printer and provides the 
30 sticker to the user of the IC card 3B. As a result, in the IC card system 101 , even in 
the case where a large number of services are recorded in the IC card 3B, the user can 
confirm the available services by adhering the stickers on the IC card 3B. Note that 
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instead of printing such a sticker, it is possible to directly print the information on the 
IC card 3B. 

As explained above, when a service becomes available by the IC card 3B, the 
lending business 5 performs charging relating to collection of fees at the time of 
registration in the area user 6 and charging relating to payment of the registration fee 
in the card provider 2. Fxirthermore, the registration is hsted for each card code of the 
IC cards and records left. The lending business 5 performs charging for use of the card 
for example in units of months by periodic tabulation of the records. 

Note that the series of processing of the data processing method of the present 
invention can be executed by hardware, but can also be executed by software 
(program). When executing the series of processing by software, it is possible to 
install the software from a storage medium or downloaded it via a network into a 
computer incorporating a program comprising the software in exclusive hardware or a 
general-use personal computer capable of executing a variety of ftinctions by 
installation of a variety of programs etc. 

As explained above, according to the present invention, it is possible to provide 
a data processing method, system, and apparatus which can deal with a variety of 
demands including security aspects of a service provider when a plurality of 
businesses share a single IC card. 
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CLAIMS 
The invention is claimed as follows: 
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1 . A data processing method for processing so that a portable device 
5 including an integrated circuit for storing memory area division data and first area 

management key data, is authorized to perform at least one of a write operation to a 
memory area of said integrated circuit and a rewrite operation to the memory area on 
the condition that the first area management key data makes a second service provider 
provide a service using part of said memory area of said integrated circuit when said 
10 portable device is issued by a first service provider providing a service using said 
memory area, 

said data processing method comprising the steps of: 

having a memory area operation imit managing said key memory area division 
data encrypt first module data including second area management key data by the key 
1 5 memory area division data, and providing the same to the first service provider; 

having the issuer of the portable device, which is said first service provider, 
encrypt second module data including the encrypted first module data by using said 
first area management key data and providing the same to said memory area operation 
imit; and, 

20 under the control of the memory area operation unit, providing the encrypted 

second module data to the integrated circuit, decrypting the second module data by 
using the first area management key data in the integrated circuit, decrypting the first 
module data in the decrypted second module data by using the key memory area 
division data, and dividing the memory area to a first memory area to be used for the 

25 services of the first service provider and a second memory area to be used for the 

services of the second service provider by using the second area management key data 
obtained from the decryption of the data. 

2. A data processing method as set forth in claim 1 , further comprising the 
30 step of having the integrated circuit divide the memory area into the first memory area 

wherein at least one of a write operation and a rewrite operation is authorized on the 
condition that the first area management key data is used and the second memory area 
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wherein at least one of a write operation and a rewrite operation is authorized on the 
condition that the second area management key data is used. 



3. A data processing method as set forth in claim 1 , further comprising: 

5 having the integrated circuit further store first system key data and authorize at 

least one of a write operation of data to the memory area and a rewrite operation of 
data in the memory area on the condition the first system key data and the first area 
management key data are used; 

having the memory area operation unit encrypt first module data further 
1 0 including second system key data by the key memory area division data and provide 
the same to the first service provider; 

having the first service provider encrypt second module data including the 
encrypted first module data and division condition information indicating the condition 
for dividing the memory area for use by another service provider by using the first area 
1 5 management key data and providing it to the memory area operation unit; and 

having the integrated circuit decrypt the second module data by using the first 
area management key data, decrypt the first module data in the decrypted second 
module by using the key memory area division data, and divide the memory area by 
using the second system key data, second area management key data, and division 
20 condition information obtained by decrypting the data. 

4. A data processing method as set forth in claim 1 , further comprising 
providing a memory area division apparatus for dividing said memory area to 

said second service provider under the control of said memory area operation unit and 
25 having said memory area division apparatus provide said encrypted second 

module data to said integrated circuit. 

5. A data processing method as set forth in claim 2, providing a plurality 
of third memory areas defined in said second memory area and third area management 

30 key data used for performing at least one of a write operation to the third memory area 
and a rewrite operation in the third memory area defined in each of said third memoiy 
areas, 

further comprising the steps of: 
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having said memory area operation unit encrypt third area management key 
data by second area management key data and provide the same to said memory area 
division apparatus; 

having said memory area division apparatus provide said encrypted third area 
management key data to said integrated circuit; and 

having said integrated circuit decrypt said encrypted third area management 
key data by using said second area management key data, estabhsh correspondence 
with said third memory areas defined in said second memory area to store said third 
area management key data obtained by decrypting the data, 

6. A data processing method as set forth in claim 5, further comprising the 

step: 

having said memory area operation unit assign a service code for identifying a 
service provided by using the third memory area for each of said third memory areas 
and generate and store an area code list indicating an area code for identifying said 
third memory area, said third area management key data corresponding to the third 
memory area, and said service code assigned to the corresponding third memory area. 

7. A data processing method as set forth in claim 3, further comprising the 
steps of: 

providing a memory area division apparatus for dividing said mamory area for 
said second service provider under the control of said memory area operation unit; 

having said memory area division apparatus provide said encrypted second 
module data to said integrated circuit; 

having said memory area operation imit provide first degenerate key data 
obtained by encrypting the data using said second system key data and said second 
area management key data to said memory area division apparatus; 

having said integrated circuit generate second degenerate key data by 
encrypting the data using said second system key data obtained by decrypting the data 
and said second area management key data; and 

' performing mutual authentication between said memory area division 
apparatus and said integrated circuit using said first degenerate key data and said 
second degenerate key data. 
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8. A data processing method as set forth in claim 6, further comprising the 
steps of: 

having said memory area operation unit 

provide an operation file registration apparatus to said second service provider, 
provide said third area management key data to said operation file registration 
apparatus, and 

establish correspondence between said service code in said area code list and 
said area code to provide the same to said operation file registration apparatus; 

having said operation file registration apparatus store file registration 
permission data indicating said service code and file management key data issued by 
said second service provider in correspondence, encrypt said file registration 
permission data by using said third area management key data, and provide the same to 
said integrated circuit; and 

having said integrated circuit decrypt said file registration permission data by 
using said third area management key data and write file data relating to a service of 
said second service provider to said third memory area by using said file management 
key data in said decrypted file registration permission data. 

9. A data processing method as set forth in claim 4, fiirther comprising the 
steps of, 

when there arc a plurality of said first service providers, and said first system 
management key data and a system code for identifying said first service provider are 
added to each of said plurality of first service providers, 

having said memory area operation unit 

receive rejection information that specifies a party for which provision of 
services firom respective service providers using the same integrated circuit is rejected 
from said first service provider and said second service provider, 

generate a registerable system code list indicating said system code added to 
said first service provider capable of providing a service by said same integrated 
circuit as said second service provider based on said rejection information, and 

provide the registerable system code list to said memory area division 
apparatus; and 
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having said memory area division apparatus judge whetiicr or not to divide said 
memory area of the integrated circuit based on said system code stored in the 
integrated circuit and said registerable system code list before dividing said memory 
area of said integrated circuit. 

10. A data processing method as set forth in claim 1, further comprising the 
step of having said memory area operation unit pay a fee for using said second 
memory area of said integrated circuit to said first service provider. 

11. A data processing method as set forth in claim 1, further comprising the 
step of having said second service provider pay a fee for using said second memory 
area of said integrated circuit to said memory area operation luiit. 

1 2. A data processing method as set forth in claim 1, wherein said portable 
device is a card. 

13. A data processing system for processing data so that a portable device 
including an integrated circuit for storing key memory area division data and first area 
management key data is authorized to perform at least one of a write operation to a 
memory area of said integrated circuit and a rewrite operation to the memory area on 
the condition that the first area management key data makes a second service provider 
provide a service using part of said memory area of said integrated circuit when issued 
by a first service provider using said memory area, wherein the system has 

a memory area operation processing apparatus used by a memory area 
operation unit which manages the memory area division data, 

a first service provider processing apparatus used by the issuer of the portable 
device which is the first service provider, and 

a second service provider processing apparatus used by the first service 
provider; 

wherein: 

the memory area operation processing apparatus encrypts first module data 
including second area management key data by the memory area division data and 
sends the same to the first service provider processing apparatus; 
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the first service provider processing apparatus encrypts second module data 
including the received encrypted first module using the first area management key data 
and sends the same to the memory area operation processing apparatus; 

the memory area operation processing apparatus provides the received 
5 encrypted second module data to the integrated circuit; and 

the integrated circuit decrypts the second module data by using the first area 
management key data, decrypts the first module data in the decrypted second module 
by using the memory area division data, and divides the memory area to a first 
memory area to be used for service of the first service provider and a second memory 
1 0 area to be used for service of the second service provider using the second area 

management key data obtained by the decrypting the data under control of the memory 
area operation unit. 

14. A data processing system as set forth in claim 13, wherein said 

1 5 integrated circuit divides said memory area into said first memory area wherein at least 
one of a write operation and a rewrite operation is authorized on the condition that said 
first area management key data and said second memory area are used wherein at least 
one of a write operation and a rewrite operation is authorized where said second area 
management key data is used. 

20 

15. A data processing system as set forth in claim 13, wherein: 

said integrated circuit fiirther stores first system key data and authorizes at least one of 
a write operation to said memory area and a rewrite operation in the memory area on 
the condition that said first system key data and said first area management key data 

25 are used; 

said memory area operation processing apparatus encrypts first module data 
further including second system key data by said key memory area division data and 
provides the same to a first service provider processing apparatus; 

said first service provider processing apparatus encrypts second module data 
30 including said encrypted first module and division condition information indicating 
conditions of dividing said memory area for use of other service providers and 
provides it to said memory area operation xmit processing apparatus; and 
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said integrated circuit decrypts said second module data by using said first area 
management key data, decrypts said first module data in the decrypted second module 
data by using said key memory area division data, and divides said memory area by 
using said second system key data, second area management key data, and said 
division condition information obtained by decrypting the data. 

16, A portable device mounting an integrated circuit used for a first service 
provider providing a service, v^herein the integrated circuit comprises: 

a memory means for storing key memory area division data managed by a 
memory area operation unit performing processing to make a second service provider 
provide a service using a part of a memory area of the integrated circuit and first area 
management key data; 

an input means for inputting a module including second area management key 
data issued by the memory area operation unit which is encrypted by the memory area 
operation unit using the memory area division data and fiirthermore encrypted by the 
first service provider by using the first area management key data; and 

a processing means for decrypting the input module by using the memory area 
division data and the first area management key data, dividing a memory area of the 
memory means to a first memory area and a second memory area by using the second 
area management key data in the decrypted module, authorizing at least one of a write 
operation to the first memory area and a rewrite operation in the memory area on the 
condition that the first area management key data is used and authorizing at least one 
of a write operation to the second memory area and a rewrite operation in the memory 
area on the condition that the second area management key data is used. 

17. A portable device as set forth in claim 16, wherein said processing 
means authorizes a write operation of a file used for processing of the processing 
means in said first memory area on the condition that said first area management key 
data is used and authorizes a write operation of a file used for processing of the 
processing means in said second memory area on the condition that said second area 
management key data is used. 
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18. A portable device as set forth in claim 16, wherein: 
said memory means further stores first system key data; 

said input means receives as an input, said module further including second 
system key data; and 

said processing means uses said second system key data and said second area 
management key data in said decrypted module to divide the memory area of said 
memory means to said first memory area and said second memory area, authorizes at 
least one of a write operation to said first memory area or a rewrite operation in the 
memory area on the condition that said first system key data and said first area 
management key data are used, and authorizes at least one of a write operation to said 
second memory area or a rewrite operation in the memory area on the condition that 
said second system key data and said second area management key data are used. 

19, A data processing apparatus for processing data so that a portable 
device including an integrated circuit for storing distribution key data, a system code 
for identifying a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a rewrite operation to the memory area on the condition that the 
first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, wherein 

the apparatus has a memory means, processing means, and input/output means; 

the memory means stores rejection information specifying a service provider 
which can provide service by the same integrated circuit indicated by the first service 
provider and the second service provider; 

the processing means encrypts a first module including second management 
key data by using the key memory area division data; 

the input/output means outputs the encrypted first module to provide it to the 
first service provider, receives as input a second module including the encrypted first 
module and encrypted in the first service provider by using the first area management 
key data, and outputs the second module to provide it to a memory area division 
apparatus for dividing the memory area under control of the second service provider so 
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that a part of the memory area of the integrated circuit can be used by the second 
service provider; 

the processing means generates a registerable system code list indicating the 
system code added to the first service provider which can provide service by the same 
5 integrated circuit as the second service provider based on the rejection information; 
and 

the input/output means outputs the system code hst to provide it to the memory 
axea division apparatus. 

10 20. A data processing apparatus as set forth in claim 19, wherein 

when said memory area division apparatus divides said memory area of said 
integrated circuit into said first memory area wherein at least one of a write operation 
^ and a rewrite operation is authorized on the condition that said first area management 

key data is used, and said second memory area wherein at least one of a write 
^ 15 operation and a rewrite operation is authorized on the condition that said second area 
J management key data is used; 

M said processing means defines a plurality of memory areas in said second 

p memory area, issues third area management key data used for performing at least one 

'f^l of a write operation to the third memory area and a rewrite operation in said third 

2 20 memory area for each of said plurality of third memory areas and encrypts the third 
fy area management key data by said second area management key data; and 

said input/output means outputs said encrypted third area management key data 
to provide it to said memory area division apparatus. 

25 21 . A data processing apparatus as set forth in claim 20, wherein said 

processing means issues a service code for identifying a service provided by using the 
third memory area for each of said third memory areas and generates an area code list 
indicating an area code for identifying said third memory areas, said third area 
management data corresponding to the third memory area, and said service code 

30 assigned to the third memory area in correspondence; and 
said memory means stores said area code list. 
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22. A data processing apparatus as set forth in claim 21, wherein said 
input/ou^ut means establishes correspondence between said area code included in said 
area code list and said service code and outputs the same to provide it to a file 
registration apparatus for writing file data used for a service of said second service 

5 provider in said third memory area of said integrated circuit. 

23. A data processing apparatus for processing data so that a portable 
device including an integrated circuit for storing distribution key data, a system code 
for identifying a first service provider, and first area management key data which is 

10 authorized to perform at least one of a write operation to a memory area of said 

integrated circuit and a rewrite operation to the memory area on the condition that the 
first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, wherein the apparatus has a 

1 5 memory means, input/output means, and processing means; 

the memory means stores a module including second area management key 
data issued by a memory area operation unit for managing processing of the data 
processing apparatus and encrypted by the memory area operation unit using the key 
memory area division data and a registerable system code list indicating the system 

20 code added to the first service provider which can provide service by the same 
integrated circuit as the second service provider; 

the input/output means receives as input the system code firom the integrated 
circuit; and 

the processing means outputs the modiile to the integrated circuit via the 
25 input/output means when it judges that the input system code is indicated in the 
registerable system code list. 

24. A data processing apparatus for performing processing to write file data 
in a second memory area of an integrated circuit having a first memory area wherem at 

30 least one of a write operation and rewrite operation of file data used for providing a 
first service is authorized on the condition that first area management key data is used 
and a second memory area wherein at least one of a write operation and rewrite 
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operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, 

when a plurality of third memory areas are defined in the second memory area, 
third memory management key data used for performing at least one of a write 
5 operation of data to a third memory area and a rewrite operation of data in the third 
memory area is defined for each of the plurality of third memory areas, and said 
integrated circuit stores said third area management key data, 

said data processing apparatus, comprising: 

a memory means storing third area management data and file key data which is 
10 issued by the second service provider, used at the time of writing the file data to a third 
memory area, and encrypted by the third area management key data; 

an. output means for outputting the encrypted file key data to the integrated 
circuit; and 

a writing means for writing file data to be used for providing the second service 
15 to the second memory area of the integrated circuit by using the file key data. 

25. A portable unit issuing method comprising the steps of: 

issuing a portable unit including an integrated circuit for storing memory area 

division data and first area management key data and authorizing at least one of a write 
20 operation to a memory area in said integrated circuit and a rewrite operation in the 

memory area on the condition that the first area management key data is used and 

requesting a memory area opedration unit managing the memory area division 

data to divide the memory area of the integrated circuit to a first memory area wherein 

at least one of a write operation and re- write operation in the memory area is 
25 authorized on the condition that the first area management key data is used and a 

second memory area wherein at least one of a write operation and a rewrite operation 

in the memory area is authorized on the condition that the second area management 

key data is used by using the memory area division data, 

30 26. A method of issuing a portable imit as set forth m claim 25, wherein 

said portable unit is a integrated circuit card. 
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27. A program for making a computer execute processing so that a portable 
device including an integrated circuit for storing memory area division data, a system 
code for identifying a first service provider, and first area management key data which 
is authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a rewrite operation to the memory area on the condition that the 
first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, comprising making the 
computer execute 

a routine for receiving as input the system code from the integrated circuit; 

a routine for referring to a registerable system code list indicating the system 
code given to the first service provider which can provide a service by the same 
integrated circuit as the second service provider and judging whether the input system 
code is indicated in the registerable system code list; and 

a routine for outputting to the integrated circuit a module including second area 
management data issued by a memory area operation imit managing execution of the 
program and encrypted by the memory area operation unit by using the key memory 
area division data and fiirther encrypted by the first service provider by using the first 
area management key data when judging that the input system code is indicated in the 
registerable system code list. 

28. A data processing method for processing so that a portable device 
including an integrated circuit for storing distribution key data, a system code for 
identifying a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation to a memory area of said 
integrated circuit and a rewrite operation to the memory area on the condition that the 
first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a first service using said memory area, comprising: 

a routine of inputting the system code &om the integrated circuit; 
a routine of referring to a registerable system code list indicatmg the system 
code given to the first service provider which can provide service by the same 
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integrated circuit as the second service provider and judging whether the input system 
code is indicated in the registerable system code hst; and 

a routine of outputting to the integrated circuit a module including second area 
management data issued by a memory area operation unit managing execution of the 
program and encrypted by the memory area operation unit by using the distribution 
key data and further encrypted by the first service provider usmg the first area 
management key data when it judges that the input system code is indicated in the 
registerable system code hst. 

29. A program for making a computer execute processing for writing file 
data to a second memory area of an integrated circuit having a first memory area 
wherein at least one of a write operation and rewrite operation of file data used for 
providing a firet service is authorized on the condition that first area management key 
data is used and a second memory area wherein at least one of a write operation and 
rewrite operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, said program comprising: 

a routine of outputting to the integrated circuit file key data which is issued by 
a second service provider, used at the time of writing the file data in a third memory 
area, and encrypted by a third area management data when a plurality of third memory 
areas are defined in the second memory area, a third memory management key data 
used for performing at least one of a write operation to a third memory area and a 
rewrite operation in the third memory area is defined for each of the plurahty of third 
memory areas, and the integrated circuit stores the third area management key data; 
and 

a routine of writing file data used for providing the second service in the 
second memory area of the integrated circuit by using the file key data. 

30. A data processing method for performing processing for writing file 
data to a second memory area of an hitegrated circuit having a first memory area 
wherein at least one of a write operation and rewrite operation of file data used for 
providing a first service is authorized on the condition that first area management key 
data is used and a second memory area wherein at least one of a write operation and 
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rewrite operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, comprising: 

a routine of outputting to the integrated circuit file key data which is issued by 
a second service provider, used at the time of writing the file data in a third memory 
area, and encrypted by a third area management data when a plurality of third memory 
areas are defined in the second memory area, a third memory management key data 
used for performing at least one of a write operation of data to a third memory area and 
a rewrite operation of data in the third memory area is defined for each of the plurality 
of third memory areas, and the integrated circuit stores the third area management key 
data and 

a routine of writing file data used for providing the second service in the 
second memory area of the integrated circuit by using the file key data. 
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ABSTRACT 



An IC card issuer issues an IC card and requests a card memory area operator 
to lend part of a memory area of the IC card to another card memory area user. The 
card memory area operator provides a memory area division apparatus and various 
data to the memory area division apparatus under the control of an operator 
communication apparatus 12. The card memory area user divides the memory area of 
the IC card into a memory area to be used by the IC card issuer and a memory area to 
be used by the card memory area user. The operation file registration apparatus writes 
file data for the card memory area user to the memory area of the card memory area 
user obtained by the above division. 
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REMARKS 

The present amendment makes editorial changes and corrects typographical 
errors in the specification, which includes the Abstract, in order to confomi the 
specification to the requirements of United States Patent Practice. No new matter is 
added thereby. Attached hereto is a marked-up version of the changes made to the 
specification by the present amendment. The attached page is captioned "Version 
With Markin2S To Show Changes Made". 

Early consideration on the merits is respectfully requested. 

Respectfully submitted. 
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VERSIONS WITH MARKINGS TO SHOW CHANGES MADE 

In The Speciflcatjon: 

The Specification of the present application, including the Abstract, has been 
5 amended as follows: 
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TITLE OF THE INVENTION 

1 0 :!A DATA PROCESSING METHOD AND SYSTEM OF Sx\ME, POP^TABLE 

DE^aCE, DATA PROCESSING APPARATUS AND METHOD OF SAME, AND 
PRQGRiMv l , SYSTEM AND APPARATUS FOR PROCESSB>JG A VARIETY OF 
DEMANDS FROM A SERVICE PROVIDER'^ 
TECHNICAL FIELD 

15 

BACKGROUND OF THE INVENTION 
The present invention relates to a data processing method enabling provioion of 
a ser v ice o f , system and apparatus that processes a variety of demands from a plurality 
of service providers by using a colitary single TC (integrated circuit) card^ and a oyctom 
20 efthe fiame., fi pnrtnhtft H f=» viftn^ Hntn prn i ^ni^c^Tig apporatuo and mothod of the ccimo, and 
Qr program. 

BA C KGR O UND .\RT 

In the past, in an IC card system, an IC card carried by an individual has been 
recorded with various personal information ete^ and used for passing through subway 
25 and train turnstiles, controlling entry to and exiting from rooms, etc. 

As oppoG o d to thio^ ao oimilar Similar kinds of card-shaped media, for example, 
pre-paid cards, service cards issued by various stores, and user cards issued by 
software manufacturers are also in use. 

These cards, including the IC cards, arc individually issued and supphed ie^ 
30 by the respective service providers (businesses) relating to the cards. 

Note that by making it possible to give an IC card a the capacity enabling to 
enable iX to sufficient sufficiently store information relating to several services in its 
built-in memory, several businesses could share use of aa a single IC card. 
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In this way, businesses which had that individually issued cards up until now 
could reduce the load ift of issuing the cards and could secure a large number of users, 
which are difficult to oecur o by individual buGinocGos for individual businesses to 
secure. On the users' side, b)^ enabling a reduction in the number of cards tho)^ carr>^ 
and manage, they aro rotiovod that a user carries and manages^ relieves the user of the 
trouble of carrying and managing a large number of cards. 

When an IC card is shared by several businesses in this way, however, it 
becomes necessary to deal with a variety of requests compared with a caoo of one 
busineoG isouing an occlusive IC card . That is, some businesses might desire the 
convenience of an IC card^ as if the card was issued by itself^ even when uoing sharing 
an IC card with other businesses. Also, specific businesses might not want to share an 
IC card. Furthermore, a reduction of tho load at tho charing oido in the number of 
businesses that share a card may also be requested. 

The present invention was made in conoidomtion with the above pointo and hac 
ao an object thereof to provido considers the issues above and provides a data 
processing method and a cystem of the came, a portable de\n[co, a data prococGing 
gpparatuG and method of tho Gomo, and a program capabl e of doaling wth , svstem and 
apparatus for processing a variety of demands including cecurity aopocto of from a 
service provider when a plurality of businesses share a single IC card. 

DISCLOSURE SUMMARY OF THE INVENTION 
To attain the above object, a data processing method of a first aspect of the 
present invention comprises a data processing method for processing data so that a 
portable device mounting including an integrated circuit storing Icoy data for dividing 
memory area division data and first area management key data which is authorized to 
perform at least one of a write operation of data to a memory area of said integrated 
circuit and a rewrite operation of data to the memory area conditional on the use of the 
first area management key data makes a second service provider provide a service 
using part of said memory area of said integrated circuit when issued by a first service 
provider providing a service using said memory area, comprising having a memory 
area operation unit managing said k ey data for dividing memory area division data 
encrypt first module data including second area management key data by the key 
memory area division data for dividing by and provide the same to the first service 
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provider; having the issuer of the portable device, that is, said first service provider, 
encrypt second module data including the encrypted first module by using said first 
area management key data and provide the same to said memory area operation unit; 
and, imder the control of the memory area operation unit, providing the encrypted 
second module data to the integrated circuit, decrypting the second module data by 
using the first area management key data in the integrated circuit, decrypting the first 
module data in the decrypted second module by using the key data for dividing 
memory area division data , and dividing the memory area to a first memory area to be 
used for service of the first service provider and a second memory area to be used for 
service of the second service provider by using the second area management key data 
obtained by the decrypting. 

In the above first data processing method, the second memory area used for 
service of the second service provider is suitably formed conditional on the second 
module being decrypted in the integrated circuit and the integrated circtxit obtaining 
the second area management key data. 

At this time, since the first module is encrypted by key data for dividing 
memory area division data, the content of the second area management key data 
included in the second module can be kept secret firom the first service provider. 
Therefore, the fibrst service provider cannot illicitly generate the second module 
without the permission of the memory area operation unit. 

Further, the second module is encrypted by first area management key data, 
and the first area management key data is kept secret fi-om the second service provider. 
Therefore, the memory area operation unit cannot illicitly generate a second module 
without permission fi-om the first service provider. 

Namely, since the second module cannot be generated without using both the 
first management key data and key data for dividing memory area division data , the 
integrated circuit cannot obtain second area management key data necessary for 
generating the second memory area. 

Further, since both of the koy data for dividing memory area division data and 
the first area management key data are kept secret from the second service provider, 
the second service provider cannot generate a second module. 

Due to this, insofar as the first service provider, memory area operation unit, 
and second service provider suitably tie up to perform processing, the second memory 
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area is not fonned in the integrated circuit, go a high and greater security can be 
reahzed. provided. 

Further Furthermore ^ the data processing method of the first aspect of the 
present invention preferably has the integrated circuit divide the memory area into the 
first memory area wherein at least one of a write operation of data and a rewrite 
operation of data is authorized conditional on use of the first area management key 
data and the second memory area wherein at least one of a write operation of data and 
a rewrite operation e f data is authorized conditional on use of the second area 
management key data. 

Further, the data processing method of the first aspect of the present invention 
preferably has the integrated drcuit further store first system key data and authorize at 
least one of a write operation of data to the memory area and a rewrite operation si 
data in the memory area conditional on use of the first system key data and the first 
area management key data; has the memory area operation imit encrypt first module 
data further including second system key data by the key data for dividing and provide 
the same to the first service provider; has the first service provider encrypt second 
module data including the encrypted first module and division condition information 
indicating the condition for dividing the memory area for use by another service 
provider by using the first area management key data and provide it to the memory 
area operation unit; and has the integrated circuit decrypt the second module data by 
using the first area management key data, decrypt the first module data in the 
decrypted second module by using the key data for dividing, and divide the memory 
area by using the second system key data, second area management key data, and 
division condition information obtained by the decrypting. 

Further, a data processing system of a second aspect of the present invention 
comprises a data processing system for processing so that a portable device mounting 
including an integrated circuit storing k e y data for dividing memory area division data 
and first area management key data which is authorized to perform at least one of a 
write operation of data to a memory area of said integrated circuit and a rewrite 
operation of data to the memory area conditional on the use of the first area 
management key data makes a second service provider provide a service using part of 
said memory area of said integrated circuit when issued by a fust service provider 
providing a service using said memory area, wherein the system has a memory area 
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operation processing apparatus used by a memory area operation unit which manages 
the key data for dividing memory area division data, a first service provider processing 
apparatus used by the issuer of the portable device, that is, the first service provider, 
and a second service provider processing apparatus used by the first service provider; 
the memory area operation processing apparatus encrypts first module data including 
second area management key data by the key data for di^dding memory area division 
data and sends the same to the first service provider processing apparatus; the first 
service provider processing apparatus encrypts second module data including the 
received encrypted first module by using the first area management key data and sends 
the same to the memory area operation processing apparatus; the memory area 
operation processing apparatus provides the received encrypted second module data to 
the integrated circuit; and the integrated circuit decrypts the second module data by 
using the first area management key data, decrypts the first module data in the 
decrypted second module by using the key data for dividing memory area division 
data, and divides the memory area to a first memory area to be used for service of the 
first service provider and a second memory area to be used for service of the second 
service provider by using the second area management key data obtained by the 
decrypting under control of the memory area operation unit. 

Further, a portable device according to a third aspect of the present invention is 
a portable device mounting an integrated circuit used for a first service provider 
providing a service wherein the integrated circuit comprises a memory means for 
storing key data for dividing managed by a memory area operation unit performing 
processing to make a second service provider provide a service using a part of a 
memory area of the integrated circuit and first area management key data; an input 
means for inputting a module including second area management key data issued by 
the memory area operation unit which is encrypted by the memory area operation unit 
by using the key data for dividing memory area division data a nd fiuihermore 
encrypted by the first service provider by using the first area management key data; 
and a processing means for decrypting the input module by using the key data for 
dividing and the first area management key data, dividing a memory area of the 
memory means to a first memory area and a second memory area by using the second 
area management key data in the decrypted module, authorizing at least one of a write 
operation of data to the first memory area and a rewrite operation of data in the 
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memory area conditional on use of the first area management key data and authorizing 
at least one of a write operation e f data to the second memory area and a rewrite 
operation of data in the memory area conditional on use of the second area 
management key data. 

Further, a data processing apparatus according to a fourth aspect of the present 
invention is a data processing apparatus for processing so that a portable device 
mounting including an integrated circuit stonng distribution key memory area division 
data, a system code for identifying a first service provider, and first area management 
key data which is authorized to perform at least one of a write operation of data to a 
memory area of said integrated circuit and a rewrite operation of data to the memory 
area conditional on the use of the first area management key data makes a second 
service provider provide a service usmg part of said memory area of said integrated 
circuit when issued by a first service provider providing a first service using said 
memory area, wherein the apparatus has a memory means, processing means, and 
input/output means; the memory means stores rejection information for specifying a 
service provider which can provide service by the same integrated circuit indicated by 
the first service provider and the second service provider; the processing means 
encrypts a first module including second management key data by using the key data 
for di^^ding memorv area division data : the input/output means outputs the encrypted 
first module to provide it to the first service provider, receives as input a second 
module including the encrypted first module and encrypted in the first service provider 
by using the first area management key data, and outputs the second module to provide 
it to a memory area division apparatus for dividing the memory area imder control of 
the second service provider so that a part of the memory area of the integrated circuit 
can be used by the second service provider; the processing means generates a 
registerable system code list indicating the system code added to the first service 
provider which can provide service by the same integrated circuit as the second service 
provider based on the rejection information; and the input^output means outputs the 
system code list to provide it to the memory area division apparatus. 

Further, a data processing apparatus according to a fifth aspect of the present 
invention is a data processing apparatus for processing so that a portable device 
mounting including an integrated circuit storing distribution key data, a system code 
for identifying a first service provider, and first area management key data which is 
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authorized to perform at least one of a write operation of data to a memory area of said 
integrated circuit and a rewrite operation of data to the memory area conditional on the 
use of the first area management key data makes a second service provider provide a 
service using part of said memory area of said integrated circuit v/hen issued by a first 
service provider providing a first service using said memory area, wherein the 
^paratus has a memory means, input/output means, and processing means; the 
memory means stores a module including second area management key data issued by 
a memory area operation unit for managing processing of the data processing 
apparatus and encrypted by the memory area operation unit by using the distribution 
key data for dividing and a registerable system code list indicating the system code 
added to the first service provider which can provide service by the same integrated 
circuit as the second service provider; the input/output means receives as input the 
system code from the integrated circuit; and the processing means outputs the module 
to the integrated circuit via the input/output means when it judges that the input system 
code is indicated in the registerable system code list. 

Further, a data processing apparatus according to a sixth aspect of the present 
invention is a data processing apparatus fgr performing processing to write file data in 
a second memory area of an integrated circuit having a first memory area wherein at 
least one of a write operation and rewrite operation of file data used for providing a 
first service is authorized conditional on use of first area management key data and a 
second memory area wherein at least one of a write operation and rewrite operation of 
file data used for providing a second service is authorized conditional on use of second 
area management key data, comprising a memory means storing third area 
management data and file key data which is issued by the second service provider, 
used at the time of waiting the file data to a third memory area, and encrypted by the 
third area management key data when a plurality of third memory areas are defined in 
the second memory area, third memory management key data used for performing at 
least one of a write operation of data to a third memory area and a rewrite operation ef 
data in the third memory area is defined for each of the plurality of third memory 
areas, and said integrated ckcnit stores said third area management key data; an output 
means for outputting the encrypted file key data to the integrated circuit; and a writing 
means for wntmg file data to be used for providing the second service to the second 
memory area of the integrated circuit by using the file key data. 
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Further, a portable unit issuing method according to a seventh aspect of the 
present invention comprises issuing a portable unit mounting including an integrated 
circuit storing Ico)^ data for dividing memory area division data and first area 
management key data and authorizing at least one of a write operation of data to a 
memory area in said integrated circuit and a rewrite operation of data in the memory 
area conditional on use of the first area management key data and requesting a 
memory area operation unit managing the ke^^ data for dividing memory area division 
data to divide the memory area of the integrated circuit to a first memory area wherein 
at least one of a write operation of data and re-write data operation in the memory area 
is authorized conditional on use of the first area management key data and a second 
memory area wherein at least one of a write operation of data and a rewrite operation 

data in the memory area is authorized conditional on use of the second area 
management key data by using the key data for dividing memory area division data . 

Further, a program according to an eighth aspect of the present invention is a 
program for making a computer execute processing so that a portable device mounting 
including an integrated circuit storing key data for dividing memory area division data. 
a system code for identifying a first service provider, and first area management key 
data which is authorized to perform at least one of a write operation of data to a 
memory area of said integrated circuit and a rewrite operation of data to the memory 
area conditional on the use of the first area management key data makes a second 
service provider provide a service using part of said memory area of said integrated 
circuit when issued by a first service provider providing a first service using said 
memory area, comprising making the computer execute a routine for receiving as input 
the system code from the integrated circuit; a routine for referring to a registerable 
system code list indicating the system code given to the first service provider which 
can provide a service by the same integrated circuit as the second service provider and 
judging whether the input system code is indicated in the registerable system code list; 
and a routine for outputting to the integrated circuit a module including second area 
management data issued by a memory area operation unit managing execution of the 
program and encrypted by the memory area operation unit by using the key data for 
dividing memory area division data and further encrypted by the first service provider 
by using the furst area management key data when judging that the input system code 
is indicated in the registerable system code list. 
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Further, a data processing method according to a ninth aspect of the present 
invention is a data processing method for processing so that a portable device 
mounting including an integrated circuit storing distribution key data, a system code 
for identifying a first service provider, and first area management key data which is 
5 authorized to perform at least one of a write operation of data to a memory area of said 
integrated circuit and a rewrite operation of data to the memory area conditional on the 
use of the first area management key data makes a second service provider provide a 
service using part of said memory area of said integrated circuit when issued by a first 
service provider providing a first service using said memory area, comprising a routine 
10 of inputting the system code fi-om the integrated circuit; a routine of referring to a 
registerable system code list indicating the system code given to the first service 
provider which can provide service by the same integrated circuit as the second service 
p provider and judging whether the input system code is indicated in the registerable 

system code list; and a routine of outputting to the integrated circuit a module 
^ 15 including second area management data issued by a memory area operation unit 
J managing execution of the program and encrypted by the memory area operation unit 

M by using the distribution key data for dividing and fiuther encrypted by the first service 

□ provider by using the first area management key data when it judges that the input 

system code is indicated in the registerable system code list. 
20 Further, a program according to a 40^ tenth aspect of the present invention is a 

program for making a computer execute processing for writing file data to a second 
memory area of an integrated circuit having a first memory area wherein at least one of 
a write operation and rewrite operation of file data used for providing a first service is 
authorized conditional on use of first area management key data and a second memory 
25 area wherein at least one of a write operation and rewrite operation of file data used for 
providing a second service is authorized conditional on use of second area 
management key data, comprising making the computer execute a routine of 
outputting to the integrated circuit file key data which is issued by a second service 
provider, used at the time of writing the file data in a third memory area, and encrypted 
30 by a third area management data when a plurality of third memory areas are defined in 
the second memory area, a third memory management key data used for performing at 
least one of a write operation of data to a third memory area and a rewrite operation ef 
data in the third memory area is defined for each of the plurality of third memory 
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areas, and the integrated circuit stores the third area management key data and a 
routine of writing file data used for providing the second service in the second memory 
area of the integrated circuit by using the file key data. 

Further, a data processing method according to an 11th eleventh aspect of the 
5 present invention is a data processing method for performing processing for writing 
file data to a second memoiy area of an integrated circuit having a first memory area 
wherein at least one of a write operation and rewrite operation of file data used for 
providing a first service is authorized conditional on use of first area management key 
data and a second memory area wherein at least one of a write operation and rewrite 
1 0 operation of file data used for providing a second service is authorized conditional on 
use of second area management key data, comprising a routine of outputting to the 
integrated circuit file key data which is issued by a second seryice provider, used at the 
time of writing the file data in a third memory area, and encrypted by a third area 
management data when a plurality of third memory areas are defined in the second 
1^ 15 memory area, a third memory management key data used for performing at least one 
^ of a write operation of data to a third memory area and a rewrite operation of data in 

Q the third memory area is defined for each of the plurality of third memory areas, and 

Q the integrated circuit stores the third area management key data and a routine of 

iH writing file data used for providing the second service in the second memory area of 

m 20 the integrated circuit by using the file key data. 

BRIEF DESCRIPTION OF THE DR.\WIMGS FIGURES 
FIG. 1 is a view of the overall configuration of a communication system 
according to an embodiment of the present invention in a firot embodiment ; 
25 FIG. 2 is a block diagram ef showing the functions of aa tiie IC card shown in 

Fiai; 

FIG. 3 is a view for block diagram explaining how data is stored in a memory 
of the IC card shown in FIG. 2 after issuance by an IC card issuer and before operation 
processing by a card memory area operator 22; 
30 FIG. 4 is a block diagram ef showing the fimctions of an issuer commimication 

apparatus 11 shown in FIG. 1; 

FIG. 5 is a block diagram ef showing the functions of an operator 
communication apparams 44- 12 shown in FIG, 1 ; 
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FIG. 6 is a block diagram of the functions of a memory area division 
registration apparatus 14 shown in FTG. 1; 

FIG. 7 is a block diagram ef showing the functions of an operation file 
registration apparatus 15 shown in FIG, 1; 
5 FIG. 8 is a flowchart fep explaining an outline of an the overall operation of the 

communication system shown in FIG. 1 ; 

FIG. 9 is a flowchart ler explaining the package data generation processing of 
step STl shown in FIG. 8; 

FIG. lOA, FIG. lOB, and FIG. 1 OC are views fef explaining package data Pf 

10 andPj; 

FIG. 1 1 is a flowchart fef explaining ^le delivery and setting of a memory area 
division apparatus at step ST2 shown in FIG. 8; 
JI^ FIG. 1 2 is a view let explaining first issued data; 

O FIG. 1 3 is a flowchart fef explaining what follows firom the setting of the 

^ 15 memory area division registration apparatus 14 at step ST3 shown in FIG. 8; 
% FIG. 14A is a view S&f explaining an area code acquisition request; 

Q FIG. 14B is a view fer explaining an apparatus code list; 

p FIG. 14C is a view fef explaining an area management code list; 

FIG. 15A is a view fep explaining a registerablc system code list; 
ffl 20 FIG. 15B is a view fef explaining area registration permission data; 

FIG. 16 is a view fer explaining data stored in the memory of the memory area 
division apparatus after completing step ST3 shown in FIG. 8; 

FIG. 17 is a view fef explaining what follows the setting of an operation file 
registration apparatus at step ST4 shown in FIG. 8; 
25 FIG. 1 8 is a view ^ explaining how data is stored in the operation file 

registration apparatus after completing step ST4 shown in FIG. 8; 

FIG. 19A and FIG. 19B are views fot explaining file registration permission 

data; 

FIG. 20 is a flowchart for explaining memory area division processing of the 
30 IC card by the memory area division apparatus performed at step ST5 shown in FIG. 
8; 

FIG. 21 is a flowchart contmued from FIG. 20; 



418827/D/2 CP0B02. 



71 



FIG. 22 is a view fer explaining a state after dividing the memory area of the 
IC card; 

FIG. 23 is a view fe^ explaining a state after defining an area 
".\REA" ("AR£A") in the memory area of the IC card; 
5 FIG. 24 is a view explaining registration processing of file data to the IC 

card by the operation file registration apparatus performed at step ST6 shown in FIG. 
8; 

FIG. 25 is a view fef explaining the memory area of the IC card after the 
registration of the file data; 
1 0 FIG. 26 is a block diagram iof explaining division of a memory space in an IC 

card system explained with reference to ^ m embodiment of the present invention; 
FIG. 27 is a block diagram showing the IC card system shown in FIG. 26; 
^ FIG. 28 is a simplified diagram i&B explaining the memory space of the IC card 

S shown in FIG. 26; 

J, 15 FIG» 29 is a simplified diagram of the memory space after division; 

FIG. 30 is a simpUfied diagram (&f explaining pre-processing of rejection 
Q processing in the IC card system shown in FIG. 26; 

1, FIG. 3 1 is a simpHfied diagram fep explaining processing continued fi-om the 

nJ processing in FIG. 30; 

gl 20 FIG. 32 is a simplified diagram feF explaining processing continued firom the 

s====. . 

processing in FIG. 31; and 

FIG. 33 is a simplified diagram lep explaining registration processing in the IC 
card system shown in FIG. 26. 



25 BEST MODE FOR Ci\PJlYING OUT DETAILED DESCRIPTION OF THE 

INVENTION 

Below, the best mode for carrying out the present invention will be explained 
with reference to the attached drawings. 

FIG. 1 is a view of the overall configuration of a communication system 1 
30 according to an embodiment of the present invention. 

As shown in FIG. 1, the communication system 1 comprises, for example, an 
issuer communication apparatus 11 to be used by an IC card issuer 21, an operator 
conununication apparatus 1 2 to be used by a card memory area operator 22, a 

418827/n/2 CP0B02_ 72 



manufacturer communication apparatus 13 to be used by an apparatus manufacturer 
23, and a memory area division registration apparatus 14 and an operation file 
registration apparatus 15 to be used by a card memory area user 24. 

In the communication system 1 , when the IC card issuer 21 issues an IC card 
16 to a card holder 26, it registers file data related to ^ services provided by the card 
memory area user 24 in the IC card 16 based on predetermined conditions so that the 
card holder 26 can receive services from both the IC card issuer 21 and the card 
memory area user 24 by using tfe© a single IC card 16 alone . 

As shown in FIG. 1, in the commimication system 1, the issuer communication 
apparatus 11 > the operator communication apparatus 12, the manufacturer 
commimication apparatus 13, the memory area division registration apparatus 14, and 
the operation file registration apparatus 15 are connected via a network 17. 

In FIG. 1, the IC card issuer 21 issues the IC card 16 and provides its own 
service by using services for the IC card 16. 

The card memory area operator 22 receives a request fi-om the IC card issuer 
21 and provides a service of lending the card memory area user 24 a memory area that 
the IC card issuer 21 does not use in the memory area of the memory (semiconductor 
memory) in the IC card 1 6 issued by the IC card issuer 21. 

The apparatus manufacturer 23 receives a request from the card memory area 
operator 22, produces the memory area division registration apparatus 14, and delivers 
the same to the card memory area user 24. 

The card memory area user 24 issues a request to the card memory area 
operator 22 and provides its own s e rvic e by using services for the memory area of the 
IC card 16. 

The card holder 26 is issued the IC card 16 by the IC card issuer 21 and 
receives the services provided by the IC card issuer 21 . When the card holder 26 
dosires wants to receive services provided by the card memory area user 24 after the 
issuance of the IC card 16, it is possible to store file data related to the services of the 
card memory area user 24 in the IC card 1 6. The file data is stored by using the 
memory area division registration apparatus 14 and the operation file registration 
apparatus 15 so as to receive the services by of the card memory area user 24. 

In providing G@r\nooo by Because the single IC card 16 includes the services of 
the IC card issuer 21 and servicefrby the card memory area user 24 by using the single 
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IC card 16, the communication system 1 is configured so that it is difficult for an 
unauthorized person to illicitly write and rewrite data in a memory area where the file 
data related to the services of the IC card issuer 21 and the card memory area user 24 
is stored. 

5 Note that in FIG, 1 , the case wh e re there a^e is only one of each of the IC card 

issuer 2 1 , the card memory area user 24, and the card holder 26 io GhoviH as an 
example, but ono or more of each of them may be provid e d, card holder 26 shown in 
the example. The present invention, however, can be used with one or more IC card 
issuer 2 K card memory area user 24. and card holder 26. 
10 Also, the correspondence of the components of the present embodiment and the 

components of the claims is, for example, that the IC card issuer 21 and the issuer 
communication apparatus 1 1 correspond to thp first service provider of the present 
invention. Also Furtharmore, the card memory area user 24 corresponds to the second 
service provider of the present invention. The operator communication apparatus 12 
1 5 and the card memory area operator 22 correspond to the memory area operator of the 
present invention. 

Q Also, the area management key data K_AM_(i) corresponds to the first area 

Q management key data of the present invention and the area management key data 

0=5 K_AM_F corresponds to the second area managanent key data of the present 

■i r= 

M 20 invention. 

p^l Furthermore, the IC card 16 corresponds to the portable device provided with 

an mtegrated circuit of the present invention. 

Note that in the present embodiment, the IC card 16 is shown as an example of 
the portable device of the present invention , but for exampl e . However, the portable 
25 device of the present invention may also be a portable telephone device, portable 
information terminal apparatus, eter or other similar devices, provided with an IC 
(integrated circuit). 

Also, package data Pf corresponds to the first module of the present invention, 
while package data Pj corresponds to the second module of the present invention. 
30 Also, an uppermost area AREA_MU_(i) corresponds to a first memory area of 

the present invention, while an uppermost area AREA_MU_F corresponds to a second 
area memory area of the present invention. Also, a lower layer of the area AREA of 
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the uppermost area AREA_MU_F corresponds to the third memory area of the present 
invention. 

First, the components of the communication system 1 shown in FIG. 1 will be 
explained, 

[IC card 16] 

Referring to FIG. 2 is^ a block diagram ef shows the functions of the IC card 16 
shoviTi in of FIG. 1. 

As - fihown in In FIG. 2, the IC card 16 comprises, for example, an inputyoutput 
interface 3 1, a memory 32, and a processor 33. 

The input/output interface 31 is an interface for inputting/outputting data and 
requests by a non-contact method or a contact method between the memory area 
division registration apparatus 14 and the operation file registration apparatus 1 5 when 
mounted in the memory area division registration apparatus 14 and the operation file 
registration apparatus 15, respectively. 

The memory 32 is for example a semiconductor memory which stores data 
related to services provided by the IC card issuer 21 eedL^ the card memory area user 24 
and data related to an operation by the card memory area operator 22 as will be 
e xplained l a ter discussed below . 

The processor 33 performs processing related to the fimctions of the IC card 

16. 

FIG. 3^ is a view fer explaining how data is stored in the memory 32 of the IC 
card 16 shown in FIG. 2 after the issuance of theIC card 16 by the IC card issuer 21^ 
and before operation processing by the card memory area operator 22. 

As shown in FIG. 3, the memory 32 stores a system code SYSC_(i) assigned to 
the IC card issuer 21 and system key data SYS__K_(i) linked with the system code 
SYSCJi). 

Also, as shown in FIG. 3, the memory 32 for example has a hierarchical 
structure wherein the uppermost memory area AREA_MU_(i) is the uppermost layer 
and a plurality of areas AREA_(i) are defined as lower layers thereof. An area 
AR£A_(i) may be furthermore defined as a lower layer of the area AREA shown in 
FIG. 3. 

The uppermost area management key data K_MU_(i) is assigned to the 
uppermost memory area AREA_MU_(i). 
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The areas AREA_(i) are assigned the area management code AMC_(i) and area 
management key data K_AM_(i). 

Also, a plurality of file data FELE ^) for performing processing related to 
services provided by the IC card issuer 21 are set (stored) in the area AREA_(i). 
5 Also, in correspondence to the file data FILE (i), tfte memory 32 stores service 

codes SC_(i) assigned to services provided by using the file data and file management 
key data K_FM (i) used for setting the file data FrLE_(i). 
[Issuer Comnmnieati^n ApparatuG-1 1 ] 

FIG. 4 is Referring to FIG. 4, a block diagram of shows the fimctions of the 
1 0 issuer communication apparatus 1 1 s hown in of FIG. 1 . 

As shown in FIG. 4, the issuer communication apparatus 1 1 comprises for 
example a communication interface 41, a memory 42, and a processor 43. 

The issuer communication apparatus 1 1, as shown in FIG. 3, performs 
processing for encrypting the package data Pf received firom the operation 
1 5 conrmimication apparatus 12 by using the system key data SYS JK._(i) stored in the 
memory 32 of the IC card 16 in a secured state (secret state) so as to generate the 
package data Pj as will be explained later. 

Note that the system key data SYS_K (i) is known only by the IC card issuer 
21 and kept secret from the card memory area operator 22, the apparatus manufacturer 
20 23, and the card memory area user 24 shown in FIG. 1 . 
ni The communication interface 41 is an interface for sending/receiving data with 

the operation communication qjparatus 12 via the network 17. 

The memory 42 stores various the data shown in FIG. 3 , which is stored in the 
IC card 16 issued by the IC card issuer 21. 
25 The processor 43 performs processing o perations (generation of Pj) related to 

the lending of the memory 32 of th e IC card 16 with die operation communication 
apparatus 12 as will be explained later. 

[Op e rator Communication Apporatufi 12] 

FIG. 5 is Referring to FIG. 5. a block diagram shows the functions of the 
30 operator communication apparatus 12 ohown in of FIG. I . 

As shown in FIG. 5, the operator communication apparatus 12 comprises^ for 
example^ a communication interface 51, a memory 52, and a processor 53. 
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The operator communication apparatus 12 manages a variety of processing for 
lending a memory area of the memory 32 of the IC card 16 to the card memory area 
user 24. 

The communication interface 51 is an interface for sending/receiving data 
between the issuer communication apparatus 11, the memory area division registration 
apparatus 14, and the operation file registration apparatus 15 via the network 17. 

The memory 52 stores a system code SYSC_F related to a new memory area to 
be formed by dividing the memory area of the memory 32 of the IC card 16 and 
system key data SYS K F corresponding to the system code SYSC_F etc. 

Also, the memory 52 stores division key data K_D. 

The processor 53 performs various processing operations for lending a memory 
area of the memory 32 of thoIC card 16 to the card memory area user 24 as will be 
explained later. 

[Memory Aroa Divioion Apparatus 11] 

FIG. 6 is Referring to FIG. 6. a block diagram ef shows the functions of the 
memory area division registration apparatus 14 shown in of FIG. 1. 

The memory area division registration apparatus 14 is for example provided to 
a store etc. of the card memory area user 24. Note that the memory area division 
registration apparatus 14 may also be provided at a store ete? or similar location of the 
operator communication apparatus 12. 

Also, the memory area division registration apparatus 14 is produced by the 
apparatus manufacturer 23 and delivered to the card memory area user 24. 

As shown in FIG. 6, the memory area division registration apparatus 14^ for 
example^ comprises a communication interface 61, a card interface 62, an operator 63, 
a memory 64, and a processor 65. 

The cormnimication interface 61 is an interface for sending/receiving data with 
the operator communication apparatus 12 via the network 17. 

The card interface 62 is an interface connected to the input/output interface 31 
of the IC card 16 shown in FIG. 2 which inputs/outputs data and requests from/to the 
input/output interface 31 when the IC card 16 is mounted in the memory area division 
registration apparatus 14. 

The operator 63 is used^ for example^ when the card holder 26^ who visited a 
store of the card memory area user 24. inputs an instruction. 
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The memory 64 stores data required for processing of the processor 65. 

The processor 65 performs processing for dividing the memory area of ^ 
memory 32 of the IC card to form a memory area for writing file data related to the 
services of the card memory area user 24, 

[Operation File Rogictration Apparatus 15] 

FIG. 7 ia Referring to FIG. 7. a block diagram ef shows the functions of the 
operation file registration apparatus 15 shown in of FIG. 1. 

The operation file registration apparatus 15 is^ for example^ provided at a store 
«ter or similar location of the card memory area user 24. 

As shown in FIG. 7, the memory area division registration apparatus 14 for 
example comprises a communication interface 71, a card interface 72, an operator 73, 
a memory 74, and a processor 75. 

The communication interface 71 is an interface for sending/receiving data with 
the operator communication apparatus 12 via the network 17. 

The card interface 72 is an interface connected to the input/output interface 31 
of the IC card 16 shown in FIG. 2 which inputs/outputs data and requests to/fiom the 
input/output interface 31 when the IC card 16 is mounted in the operation file 
registration apparatus 15. 

The operator 73 is used by a card holder 26^, who visits a store of the card 
memory area user 24^ to input an instruction. 

The memory 74 stores data required for processing of the processor 75. 

The processor 75 performs processing for writing file data used for procopging^ 
related to the services provided by the memory area division registration apparatus 14^ 
in the memory area divided by the above memory area division registration apparatus 
14. 

Below, an example of the operation of the communication system 1 shown in 
FIG. 1 will be explained. 

First, an outline of die overall operation of the communication system shown in 
FIG. 1 will be explained. 

FIG. 8 is a flowchart for explaining the outline of the overall operation of the 
communication system 1 shown in FIG. 1. 
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Step ST 1: 

The operator comniunication apparatus 12 generates package data Pf including 
a system code SYSC_F used at the time of dividing the memory area of the memory 
32 of the IC card 16 and uppermost area management key data K_MU_F, encrypts it 
by division key data K_D and sends it. The issuer communication apparatus 1 1 
encrypts the package data Pf by using the system key data SYS_K_(i) to generate 
package data Pj^ vv^hich is sent to the operator communication apparatus 12. 

The package data Pj is held by the operator communication apparatus 12. 

Step ST2: 

The memory area division registration apparatus 14 is delivered from the 
apparatus manufacturer 23 to the card memory area user 24. 

Also, the system code S YSC_(i) and the package data Pj^ etc. are sent from the 
operator communication q)paratus 12 to the memory area division registration 
apparatus 14 and stored in the memory area division registration apparatus 14. 

Step ST3: 

A registerable system code Ust RPSL and area registration permission data 
INF_ARP are sent fixim the operator communication ^paratus 12 to the memory area 
division registration apparatus 14 and stored in the memory area division registration 
apparatus 14. 

The registerable system code hst RPSL includes a system code of the IC card 
16 to which file data of services related to the card memory area user 24 can be 
registered by using the memory area division registration apparatus 14. 

The area registration pennission data INF ARP is used for registering an area 
AREA_F defmed in a nev^ memory area obtained by dividing the memory area of the 
IC card 16. 

Step ST4: 

The area management key data K QM F is provided by a secured path from 
the operator communication apparatus 12 to the operation file registration apparatus 
15. 

Here, the area management data K AM F is used at the time of writing file 
data in one or more areas AREA_F defined in the new memory area formed by 
dividing the memory area of the IC card 1 6. 
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Also, file registration permission data FRP is generated in the operation file 
registration apparatus 15. 
Step ST5: 

For example, when the card holder 26 loads the IC card 16 in the memory area 
division registration apparatus 14, the memory area division apparatus divides the 
memory area of the memory 32 of the IC card 16 by performing predetermined 
processing to define a memory area used by the IC card issuer 21 (the uppermost area 
AREAJVnj_(i) shown in FIG. 3) and a new memory area used by the card memory 
area user 24 (the uppermost area management key data area MU_F). 

Step ST6: 

When the card holder loads the IC card 16 in the operation file registration 
apparatus 15, file data related to the service provider provided by the card memory 
area user 24 is written by using the file registration permission data FRP m into the 
new memory area defined at step ST5. 

As a result, the card holder 26 can receive services fi-om both by the IC card 
issuer 2 1 and the card memory area user 24 by using ^ a sineJe IC card 1 6 alone. 

Below, each of the steps shown in FIG. 8 will be explained in detail by using a 
flowchart. 

[Package Data Gonoration Processing (STl - ) j 

First, package data generation processing of the step STl shown in FIG. 8 will 
be explained. 

FIG. 9 is a flowchart for explaining the processing. 
StepST21: 

The processor 53 of the operator communication apparatus 12 showoi in FIG. 1 
and FIG. 5, as shown in FIG. lOA, divides the memory area of the memory 32 of the 
IC card 16 and generates the package data Pf including the system code SYSC_F of 
the uppermost area AREA_MU_F of a momory aroa to be newly formed in addition to 
th e uppermost area i\PLEA_]MU_(i) and the corresponding system key data S YS_K_F. 

Step ST22: 

The processor 53 of the operator communication apparatus 1 2, as shown in 
FIG. lOB, encrypts the package data Pf generated at step STl by using division key 
data K_D read from the memory 52. 
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step ST23: 

The package data Pf generated at step ST22 is sent to the issuer communication 
apparatus 1 1 via the communication interface 51 of the operator communication 
apparatus 12 and the network 17. 
5 The package data Pf is received by the communication interface 41 of the 

issuer communication apparatus 1 1 shown in FIG. 4. 
Step ST24: 

The processor 43 of the operator communication apparatus 1 1 shown in FIG. 4 
generates the package data Pj includin g . The package data Pi includes the division 
1 0 block number data for defining a memory capacity of the memory area which is 

requested to be operated by (lent to) the card memory area operator 22 in the memory 
capacity of tho m e mory 32 of tho IC card 16 memory 32 and the package data Pf 
received at step ST23. 

Step ST25: 

15 The processor 43 of the issuer conamunication apparatus 1 1 encrypts the 

package data Pj generated at step ST24 by the uppermost area management key data 
K_MU_(i) read JBrom the memory 42. 
Step ST26: 

The processor 43 of the issuer communication apparatus 1 1 sends to the 
20 operator communication apparatus 12 the system code SYSC_(i), rejection 
information RI_(i), and the package data Pj encrypted at step ST25 via the 
communication interface 41 and the network 17. 

These are received by the communication interface 51 of the operator 
communication apparatus 12 shown in FIG. 5. 
25 Here, the rejection information RI_(i) is information for specif y ing a party for 

which provicion of Gervicep by t he information that specified which parties services are 
rejected by the IC card issuer 21 when using the same IC card 1 6 is rejected by tho IC 
card issu e r 21 . 

Step ST27: 

30 The processor 53 of the operator communication apparatus 12 shown in FIG, 5 

writes in the memory 52 the system code SYSC_(i), the rejection information RI_(i), 
and the encrypted package data Pj received at step ST26. 

[Dehvory and Sotting of Memory Area Divioion Apporatuo 1 * 1 (ST2)] 
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Noxt, procoooing for Next, d elivery and setting of the memory area division 
registration apparatus 14 at step ST2 shown in FIG. 8 will be explained. 
FIG. 1 1 is a flowchart for explaining the processing, 
StepST31: 

The card memory area user 24 orders the memory area division registration 
apparatus 14 from the card memory area operator 22. 
Step ST32: 

When the card memory area operator 22 receives the order at step ST3 1, it 
issues an apparatus code AC (registration machine code) to the memory area division 
registration apparatus 14 to be delivered to the card memory area user 24 and notifies 
that to the card memory area user 24 of same . 

Step ST33: 

The card memory area user 24 uses the apparatus code AC notified at step 
ST32 to request delivery of the memory area division registration apparatus 14 to the 
apparatus manufacturer. 

The above steps ST31 to ST33 are performed by using a personal computer of 
the card memory area user 24, telephone, and mail. 

Step ST34: 

The apparatus manufacturer 23 inquires about the legitimacy of the apparatus 
code AC to the card memory area operator 22 when needed in accordance with the 
delivery request received at step ST33 and delivers the memory area division 
registration apparatus 14^^ storing the apparatus code AC:^ to the card memory area user 
24. 

Step ST35: 

When the card memory area operator 22 receives^ for example^ a delivery 
completion notice of tiie memory area division registration apparatus 14 from the card 
memory area user 24, it reads the system code SYSC_(i)> the encrypted package data 
Pj, and first issuance data INF_1 from the memory 52 under the control of the 
processor 53 of the operator communication apparatus 12 shown in FIG. 5 and sends 
the same to the memory area division registration apparatus 14 via the communication 
interface 5 1 and the network 17. 

The data is received by the communication interface 61 of the memory area 
division registration apparatus 14 shown in FIG. 6, 
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Here, the first issuance data INF 1 is, for example^ as shown in FIG. 12, data 
obtained by encrypting module data including the uppermost area management data 
K_MU_F and the system code SYSC_F by the upper most area management key data 
K_MU_F. 

Step ST36: 

The processor 65 of the memory area division registration apparatus 14 shown 
in FIG. 6 writes in the memory 64 the system code S YSC_(i), the encrypted package 
data Pj, and the first issuance data information INF I received at step ST35. 

[Continuation of Sotting of Momor>^ i\roa Division ApporatUG H (ST3)] 

Next, a continuation of the setting of the memory area division registration 
apparatus 14 at step ST3 shown in FIG. 8 will be explained. 

FIG. 13 is a flowchart for explaining the processing. 

StepST41: 

The card memory area user 24 operates the operator 63 of the memory area 
division registration apparatus 14 shown in FIG. 14 to input an area management code 
acquisition instruction. Due to this, an area management code acquisition request 
REQ_AMC shown in FIG. 14A is sent to the operator communication apparatus 12 via 
the communication interface 61 and the network 17. 

The area management code acquisition request is received by the 
communication interface 51 of the operator communication apparatus 12 shown in 
FIG. 5. 

As shown in FIG. 14A, the area management code acquisition request 
REQ^AMC indicates the apparatus code AC, rejection information RI_F, number of 
registration areas, number of blocks of each of the registration areas, and number of 
service codes by in correGpondenco . 

Here, the apparatus code AC is notified to the card memory area user 24 from 
the card memory area operator 22 at step ST32 shown in FIG. 1 1 . 

The rejection information RI_F is flie information for specifying a party for 
which provision of services by using the same IC card 16 is rejected by the IC card 
issuer 21. 

The number of registration areas is the number of areas AREA F that the card 
memory area user 24 desires to use for storing file data relatmg to its own services and 
is defined after division of the memory 32 of the IC card 1 6. 
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The number of blocks of each of the registration areas is the number of blocks 
assigned to the area^ AREA. 

The number of service codes is the number of service codes which the card 
memory area user 24 desires to use for storing file data relating to its own services. 
5 Step ST42: 

When tlie processor 53 of the operator communication apparatus 12 shown in 
FIG. 5 receives the area management code acquisition request at step ST41, it 
generates an apparatus code list MCL and an area management code list ACL and 
stores the same in the memory 52. 
10 The apparatus code list ACL indicates, as shown in FIG. 14B, the apparatus 

code AC assigned to the memory area division registration apparatus 14, the area 
management code AMC_F (application code) assigned to one or more areas AlREA 
defined in the memory management area divided by the memory area division 
registration apparatus 14, and the rejection information RI_F received at step ST41 in 
15 correspondence. 

Furttiermore, the area management code hst AMCL is, as shown in FIG. 14C, 
generated for every area management code AMC JF (application code) indicated by the 
apparatus code list ACL in FIG. 14B and indicates the area management code AMC_F 
(application key), the area management key data K_AM_F corresponding to the 
20 corresponding area AREA_F, and file data written in the area, AREA_F i» 
oorrospondenco . 

Step ST43: 

The processor 53 of the operator communication apparatus 12 shown in FIG. 5 
uses the same IC card 16 as that of the card memory area user 24 to specify the IC card 
25 issuer 21^ which can provide services based on the rejection information RI_(i) stored 
in the memory 52 at step ST27 shown in FIG. 9 and the rejection information RI__F 
stored at step ST41. 
Step ST44: 

The processor 53 of the operator communication apparatus 12 uses the system 
30 code assigned to the IC card issuer 21 specified at step ST43 to generate a registerable 
system code list RPSL. 

The registerable system code list RPSL indicates, as shown in FIG. 15 A, the 
apparatus code AC assigned to the memory area division registration apparatus 14 and 
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the system code SC assigned to one or more IC card issuers 21 specified at step ST43 
in correspondence. 
Step ST45: 

The processor 53 of the operator communication apparatus 12 encrypts the area 
5 management code list AMCL generated at step ST42 and shown in FIG. 14C by the 
uppermost area management key data K_MU_F to generate area registration 
permission data rNF_ARP. 

Step ST46: 

The processor 53 of the operator communication apparatus 12 sends the 
10 registerable system code Hst RPSL and the area registration permission data INP ARP 
generated at step ST45 to the memory area division registration apparatus 14 via the 
commimication interface 51 and the network 17. 
^ These are received by the commimication interface 61 of the memory area 

p division registration apparatus 14 shown in FIG. 6, 

m 15 Step ST47: 

ass 

The processor 65 of the memory area division registration apparatus 14 shown 
in FIG. 6 stores the registerable system code list RPSL and the area registration 
p permission data INF_ARP received at step ST46 in the memory 64. 

IfJ At the stage of completing the above steps up to the step ST3 shown in FIG. 8, 

W 20 the memory 64 of the memory area division registration apparatus 14 stores, as shown 
m in FIG. 1 6, the encrypted package data Pj shown in FIG. 1 OC, the encrypted first 

issuance data INF l shown in FIG. 16, the registerable system code list RPSL shown 
in FIG. 1 5 A, and the encrypted area registration permission data INF ARP shown in 
FIG. 15B. 

25 [ O peration File R e giotration Apparatus 15 (ST1)] 

Next, a continuation of the setting of the operation file registration apparatus 1 5 
of step ST4 shown in FIG. 8 will be explained. 

FIG. 17 is a flowchart for explaining the processing. 
StepST51: 

30 The processor 53 of the operator communication apparatus 12 shown in FIG. 5 

sends the area management key data K_AM_F issued at the time of generating the 
apparatus code list ACL at step ST42 shown in FIG. 13 via the communication 
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interface 5 1 and the network 17 to the operation file registration apparatus 15 or uses 
other means to notify the card memory area user 24, 
Step ST52: 

The processor 53 of the operator communication apparatus 12 sends the area 
management code AMC_F issued at the time of generating the above apparatus code 
list ACL and the service code SC via the communication interface 51 and the network 
17 to the operation file registration apparatus 15. 

Step.ST53: 

The processor 53 of the operator communication apparatus 12 shown in FIG. 7 
generates, as shown in FIG. 19A, the file registration permission data FRP indicating 
the service codes SC and the file management key data K_FM_F determined by the 
card memory area user 24 in accordance with the service code SC in oorreopondencQ 
for one or more the service codes SC received at step ST52. 

Step ST54: 

The processor 53 of the operator communication apparatus 12 shown in FIG. 7 
encrypts the file registration permission data FRP generated at step ST53 by using the 
area management key data K_AM_F received at step ST51 and stores the same in the 
memory 52 as shown in FIG. 19B. 

At the stage of completing the above processing up to the step ST4 shown in 
FIG. 8, the memory 52 of the operation file registration apparatus 15 stores, as shown 
in FIG. 18, the area management code AMC_F, the area management key data 
K_AM_F, and the encrypted file registration permission data FRP shown in FIG. 19B. 

{Memor>^ Area Di\doion ProcoGcing of IC Card 16 by Momor>^ Area Diviaion 
^paratuo 11 (ST5)] 

Next, the memory area division processing of the IC card 16 by the memory 
area division registration apparatus 14 performed at step ST5 shown in FIG. 8 will be 
explained. 

FIG. 20 and FIG. 21 are flowcharts for explaining the processing. 
Step ST61: 

The IC card holder 26 visits a store of the card memory area user 24 carrying 
the IC card 16 and loads the IC card 16 m the memory area division registration 
apparatus 14. 
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Confloqu o ntly Subsequently , the system code SYSC_(i) stored in the memory 
32 of the IC card 16 is read and output to the memory area division registration 
apparatus 14 via the input/output interface 31. 

The system code SYSC_(i) is input to the card interface 62 of the memory area 
division registration apparatus 14 shown in FIG. 6. 

St^ ST62: 

The processor 65 of the memory area division registration apparatus 14 shown 
in FIG. 6 reads from the memory 64 the package data Pj and the first issuance data 
INF\L INF 1 corresponding to the system code SYSC_(i) input at step ST61. 

Step ST63: 

The processor 65 of the memory area division registration apparatus 14 outputs 
to the IC card 16 the rospeotiv e ly encrypted package data Pj and first issuance data 
INF__1 read at step ST62 via the card interface 62. 

Step ST64: 

The processor 33 of the IC card 16 shown in FIG. 2 first uses the uppermost 
area management key data K_MU_(i) to decrypt the package data Pj input at step 
ST62 to obtain division condition information included in the package data Pj and the 
encrypted package data Pf. 

Next, the processor 33 uses the division key data K_D to decrypt the package 
data Pf to obtain the system key data S YS_K_F and the uppermost area management 
key data K_MU_F included in the package data Pf. 

StepST65: 

The processor 33 of the IC card 16 encrypts by using the system key data 
S YS_K F and the uppermost area management key data K_MU_F to generate 
degenerate key data K_A1, performs mutual authentication with the memory area 
division registration apparatus 14 by using the degenerate key data K_A1, and 
proceeds to the processing of step ST66 when both of the IC card 16 and the memory 
area division registration apparatus 14 confirm the legitimacy of each other. 

In the above mutual authentication, for example, the memory area division 
registration apparatus 14 encrypts by using the system key data SYS K_F and the 
uppermost area management key data K_MU_F to generate degenerate key data 
K_A2. Then, the memory area division registration apparatus 14 generates a random 
number Rl and encrj^ts the random niunber Rl by using the degenerate key data 
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K_A2 to generate data Rla. Then, the memory area division registration apparatus 14 
outputs the random number Rl and the data Rla to the IC card 16. The IC card 16 
verifies whether the data obtained by decryptmg the data Rla hy using the degradation 
data K_A1 matches with the random number Rl and, when it matches, certifies that 
the memory area division registration apparatus 14 is the legitimate party. Also, by 
performing procoGoing by an oppooito otandpoint from tho abovo proceGsing by 
processing data using the random number generated by the IC card 16, the memory 
area division registration apparatus 14 certifies that the IC card 1 6 is the legitimate 
party. 

Step ST66: 

The processor 33 of the IC card 16 shown in FIG. 2 divides the memory area of 
the memory 32 and, as shown in FIG. 22, forms the uppermost area AREA_MU_(i) 
assigned to the IC card issuer 21 and the uppermost area AREA_MU_F assigned to the 
card memory area user 24. 

Step ST67: 

The processor 33 of flic IC card 16 stores (sets) the uppermost area 
management key data K_MU_F in correspondence with the uppermost area 
AREA_MU_F of the memory 32. 

Step ST68: 

The processor 33 of the IC card 16 uses the uppermost area management key 
data K_MU_F^ stored at step ST67^ to decrypt the first issuance data INF^l shown in 
FIG. 12 and input at step ST63. 

Step ST69: 

The processor 33 of the IC card 16 stores in the memory 32 the system code 
SYSC F included in the first issuance data INF__1 obtained by decrypting the data at 
step ST68. 

Step ST70: 

The processor 65 of the memory area division registration apparatus 14 judges 
whether the system code SYSC_(i) received from the IC card 16 at step ST61 in FIG. 
2 is included in the registerable system code list RPSL shown in FIG. 15 A stored in 
the memory 64 at step ST47 in FIG. 13 and, who n . If the system code is included, the 
processor 65 judges ^ whether the data related to tiie services provided by the card 
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memory area user 24 can be registered in the IC card 1 6 and proceeds to the 
processing at step ST7 1 , 

In the communication system 1, as explained at steps ST43 and ST44, based on 
the rejection information RIJi) by which the IC card igduqt 21 opocifieG apart>^ for 
wMch provision of and the rej e ction information RI F, an IC card issuer 21 is capable 
of providing services by using the same IC card 16 is rojectod and tho r o jootioB 
information PJ J by which as that of the card memory area user 24 specifies a party 
for which pro^ioion of conacoG by using tho oomo IC card 16 is rojectod, an IC card 
isGuer 21 capablo of pro\dding oonygooG by uoing tho oame IC card 16 ac that of tho card 
memor^^ ar e a user 21 is opocifiod and tho syotom codo aGsignod to the Gpecified IC card 
ioDUor21 to generate the registerable system code list RPSL. 

As a result, the IC card issuer 21 and the card memory area user 24 can avoid 
exclude an undesirable party from providing services by using the same IC card 16. 

StepST71: 

The processor 65 of the memory area division registration apparatus 14, when 
i«4ge^ wWdi can be registered at step ST70, outputs to the IC card 16 the encrypted 
area registration permission data INF__ARP shown in FIG. 1 5 stored in the memory 64 
at step ST47 in FIG. 13 via the card interface 62. 

The IC card 16 receives as input data, the encrypted area registration 
permission data INF_ARP via the input/output interface 3 1 shown in FIG. 2. 

As explained above, the area registration permission data INF ARP is 
encrypted by the uppermost area AREA_MU_F. 

Step ST72: 

The processor 33 of the IC card 16 shown in FIG. 2 decrypts the encrypted area 
registration permission information INF RP input via the input/output interface 31 at 
step ST71 by using the uppennost area management key data K__MU_F read from the 
memory 64. 

Step ST73: 

The processor 33 of the IC card 16 shown in FIG. 2 stores the area 
management key code AMC__F and the area management key data K_AM_F in the 
area registration permission information INF_RP decrypted at step ST72 in 
correspondence with the uppermost area AREA__MU_F formed at step ST66 in the 
memory 32 as shown in FIG. 23. 
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[Registration of Filo Datxi to IC Cord 16 by Qp e rfttion Fil e Regiotration 
ApparatuG 15 (ST6)] 

Next, the registration of file data to the IC card 16 by the operation file 
registration apparatus 15 performed at step ST6 shown in FIG, 8 will be explained. 
5 FIG» 24 is a flowchart for explaining the processing. 

StepSTSl: 

The IC card holder 26 visits a store of the card memory area user 24 carrying 
the IC card 16 and loads the IC card 16 in the operation file registration apparatus 15. 

Due to this, the processor 75 of the operation file registration apparatus 15 
1 0 shown in FIG. 7 sends a file search request including information for specifying the 
card memory area iiser 24, such as a service code SC or system code SYSC_F, via the 
card interface 72 to the IC card 16. 

Step ST82: 

When the input/output interface 31 receives the file search request at step 
1 5 ST8 1 , the processor 33 of the IC card 16 shown in FIG. 2 searches whether or not file 
data of services relating to the card memory area user 24 is stored in the memory 32 
based on the above information included in the file search request. 
Step ST83: 

When it is judged that the file data of the services relating to the card memory 
20 area user 24 is not stored in the memory 32 by the file search at step ST82, the 

processor 33 of the IC card 16 notifies that the file does not exist to the operation file 
registration apparatus 1 5 via the input/output interface 3 1 , 

Step ST84: 

When a notice of no file is received at step ST83, the processor 75 of the 
25 operation file registration apparatus 15 shown in FIG. 7 outputs file registration 

permission data FRP encrypted by the area management key data K AM F shown in 
FIG. 19B stored in the memory 74 at step ST54 shown in FIG. 17 via the card 
interface 72 to the IC card 16. 

The IC card 16 shown in FIG. 2 receives as input data, the file registration 
30 permission data FRP via the input/output interface 3 1 . 
Step ST85: 

The processor 33 of the IC card 16 shown in FIG. 2 decrypts the file 
registration permission data FRP input at step ST84 by using the area management key 
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data K_AMJF, uses the file management key data K_FM_F in the decrypted file 
registration permission data FRP, and writes file management key data K FMJF 
related to the service of the card memory area user 24 in the uppermost area 
AREA_MU_F shown in FIG. 23. As a result, the uppermost area AREA_MU_F 
becomes as shown in FIG. 25. 
Step ST86: 

The processor 33 of the IC card 16 shown in FIG. 2 writes the file management 
key data K FM F and the service code SC in the file registration pennission data FRP 
decrypted at step ST85 in correspondence with the file data written at step ST85 in the 
mOTiory 32, 

[Charging ProcooGing] 

In the communication system 1 , for example, the card memory area operator 22 
shown in FIG. 1 pays for the cost of receiving the loan of the memory area of the 
manory 32 of the IC card 16 to the IC card issuer 21 for example in units of blocks of 
the memory area. 

Also, the card memory area operator 22 bills the cost for use of part of the 
memory area of the memory 32 of the IC card 16 for the service of the card memory 
area user 24 as a license fee, a service code SC registration use fee, an area AREA 
registration fee, etc. to the card memory area user 24. 

As explained above, according to the communication system 1, when the IC 
card issuer 21 issues the IC card 16 to the card holder 26, file data relating to services 
provided by the card memory area user 24 can be registered in the unused memory 
area of the memory 32 of the IC card 16 based on predetermined conditions. 

As a result, the card holder 26 can receive services of both the IC card issuer 21 
and the card memory area user 24 by using the a single IC card 16 alone . 

Also, according to the communication system 1, as explained above, the 
package data Pj is generated through the processing of the issuer communication 
apparatus 1 1 by using the Pf generated by the operator commimication apparatus 1 2, 
provided to the IC card 16 via the operator communication apparatus 12 and the 
memory area division registration apparatus 14, and decrypted in the IC card 16t 
consequentl y . Consequentlv, the system code S YSC_F and the system key data 
SYS_K F necessary for writing the file data to the memory area (uppermost area 
AREA_MU_F) used by the card memory area user 24 in thoIC card 16 can be kept 
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secret from the IC card issuer 21. Also, since the package data Pj is decrypted by 
using the system key data SYS_K_(i) in the IC card 16, the system key data 
S YS_K_(i) necessary for writing the file data to the memory area (uppermost area 
AREA_MU_F) used by the IC card issuer 21 can be kept secret from the card memory 
area operator 22 and the card memory area user 24. 

Also, according to the communication system 1, by respectively defining the 
areas AREA_(i) and AREA_F in the uppermost area AIlEA__MU_(i) and the 
AREA_MU_F and by using the area management data K__AM_(i) and K__AM_F to 
write the file data to the AKEA_F, illicit writing to the memory area can be further 
offootivoly prevented. 

Namely, according to the communication system 1, by dividing the memory 
area of the IC card 16 and keeping secret the key data used for a write operation of 
data on each of the divided memory areas from unauthorized persons, unauthorized 
access to the memory area can be is prevented. 

As a result, it becomes possible to get for the unused area^ which is not used by 
the IC card issuer 21 in the memory area of the IC card 16 ase d, to be safely used by a 
card memory area user 24 other than the IC card issuer 21 and possible to improv e 
thereby improves the convenience of the IC card 16. 

The present invention is not limited to the above embodiment. 

For example, in the above embodiment, a cas e of setting various data to the 
memory area division registration ^paratus 14 and the card memory area user 24 from 
the operator conununication apparatus 12 after delivering the memory area division 
registration apparatus 14 and operation file registration apparatus 15 to the card 
memory area user 24 was explained as an example, bu t . However, the information 
may be set before delivering the memory area division registration apparatus 14 and 
the operation file registration apparatus 1 5 to the card memory area user 24 under the 
control of the card memory area operator 22. 

Also, a coflo an examp le of configuring the memory area division registration 
apparatus 14 and the operation file registration apparatus 15 as separate apparatuses 
was explained as an example in the above embodimen t, but tho v . However, the 
apparatuses 14 and 15 may be realized as a single apparatus. 

Also, in the above embodiment, a oafie an example of setting the memory area 
division registration apparatus 14 and the operation file registration apparatus 15 in a 
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store of the card memory area user 24 was explained ao an oxample^ but tho y . The 
apparatuses 14 and 15 may also be set in a store of the operator commxmication 
apparatus 12©te. 

Also, in the above embodiment, exclusive apparatuses were used as the 
5 memory area division registration apparatus 14 and the operation file registration 

apparatus 15, but the apparatuses may be reahzed by a personal computer ete r. or other 
similar device, of the card memory area user 24 under the condition that it is an 
apparatus having a function of keeping secret data in accordance with need. 

Below, an IC card system of an embodiment related to the above 
10 communication system 1 will be explained. 

(1) Configuration of Embodiment (1-1) Basic Configuration 

FIG. 27 is a block diagram of the configuration of an IC card system according 
to the present embodiment. 

In FIG. 27, an IC card 3A/3B corresponds to the IC card 16 shown in FIG. 1. 
1 5 Also, a card provider 2 corresponds to the card issuer 11 and 21and the issuer 

communication apparatus 1 1 shown in FIG. 1 . 

Also, a lending business 5 and a management server 5 A correspond to the card 
memory area operator 22 and the operator communication apparatus 12 in FIG 1 . 

Also, an area user 6 corresponds to the card memory area user 24 shown in 

20 FIG. 1. 

Also Furthennore , an operation terminal 8 corresponds to the memory area 
division registration apparatus 14 and the operation file registration apparatus 15 
shown in FIG. 1 FIG. L 

In the IC card system 101, the card provider 2 issues a non-contact type IC card 

25 3 A/3B free of charge or by purchase by a user and performs processing of for example 
cashing, passage of turnstiles at train stations, etc.^ by access from the provider 
terminal 4A to 4N by using the IC card 3A/3B. Also, a memory space of the IC card 
3Ay3B left over after the above use for a service relating to its own business is lent to a 
area user 6 desiring to use it by management of the lending business 5 or by its own 

30 management. Due to this, the IC card system 101 becomes capable of providing a 
variety of services not only to the card provider but to the area user 6 by the IC card 
3A/3B. Note that in the'lC card system 101, a series of processing is executed by a 
computer imder management of the card provider 2, the lending business 5, the area 
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user 6, etc. , howev e r However, in the explanation below, for a simpler explanation 
and easy understanding, the configuration of the IC card system 101 will be explained 
by suitably setting each of the card provider 2, lading business 5, and area user 6, etc.^ 
as main components. 

5 Namely, in the IC card system 101, a card manufacturer 7 produces the IC card 

3 A/3B upon order by the card provider 2 and delivers it to the card provider 2. At this 
time, the IC card 3 Ay3B is issued by recording a card code Ccd notified Jfrom the card 
provider 2 and a division processing key notified from the lending business 5 ate. 
Here, the card code Ccd is an identification code unique to the IC card 3 A/3B and 
1 0 selected by the card provider 2 by a later explained procedure. The division 
processing key is a key unique to the IC card 3A/3B relating to processing for 
preparing a system area separately. When the card provider 2 entrusts management of 
empty areas of the IC card 3A/3B to the lending business 5, the card provider 2 
notifies the card code Ccd to the lending business 5, pays a license fee, obtains 
15 permission from the lending business 5, and issues the IC card 3A/3B. 

On the other hand, the card provider 2 is the entity issuing the IC card 3A/3B 
Q and selects the card code Ccd, notifies the same to the card manufacturer 7, and 

£3 receives the IC card 3 A/3B from the card manufacturer 7. Also, when the IC card 

3A/3B is delivered from the card manufacturer 7, the card provider 2 accesses the IC 
20 card 3A/3B by an exclusive access apparatus, that is, a readerAvriter, and sets the 

services to be usable by the IC card 3A/3B. Here, in the processing, the card provider 
2 sets a system area in the memory space of the IC card 3A/3B by transfer of data 
encrypted by using a predetermined key and sets a user area of a predetermined 
number of blocks (n blocks). 
25 The card provider 2 records data necessary for accessing the user area, data 

necessary for updating the system area, data for specifying records of the system area, 
etc.^ in the system area and records files necessary for services expected to be provided 
in the user area. 

Namely, the card provider 2 records area management information indicating 
30 the recording positions of the files and not recorded areas in units of block in the 

system area and enables access to desired files requested from an external apparatus by 
the area management information. Also, a file key for encrypting processing 
corresponding to the files, an application key applied to one service by a plurality of 
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files, an area management key as ^ key for releasing encrypting corresponding to 
the card provider 2, and a system key for encrypting processing of all data to be 
input/output arc recorded. As a result, in the blocks of the user area set in the IC card 
3 A/3B, encrypting of data input from the provider terminal 4A and 4B is released by a 
combination of the corresponding system key, the application key, the area 
management key, and the file key so that it is made possible to write in a 
predetermined memory space. 

Also, the system key, the area management key, the application key, the area 
management key serving as a key for managing the file key, etc. are recordedy-the. 
The system key etc. is updated only by access using the file management key, and the 
application key and the file key or e made impoGoible to r e gister or update. 

Also, application codes unique to the services and a system code for specifying 
recording of the system area are recorded to enable the variety of services provided by 
the IC card 3A/3B to be identified by the ^plication code and system code. Note that 
the IC card 3 A/3B is configured so that files relating to one service are recorded in 
successive blocks, an address of the head block of the successive blocks is assigned to 
the application code, and thereby thus, corresponding files are recorded in the memory 
space by using the application code as a reference. They The files are made to b e 
accessible by the area management information after being recorded. 

If the IC card 3A/3B is made to b e usable by configuring the system area and 
user area as explained above, the card provider 2 provides the IC card 3 A/3B to the 
card user for a fee or free of charge. Furthermore, when there is an access using the IC 
card 3A/3B from the provider terminals 4A and 4B serving as terminal apparatuses of 
services offered by the card provider 2, a predetermined service is provided. 

Thus, the provider terminals 4A and 4B modulate information to be used for 
transmission by a predetermined carrier in a built-in reader/writer to drive a built-in 
antenna so as to repeatedly emit a call to the IC card 3 A/3B at a predetermined cycle. 
Here, when the IC card 3 A is held close to the antenna and a response to the call is 
sent from the IC card 3 A, the reader/writer executes processing for mutual 
authentication with the IC card 3 A and judges whether or not mutual data 
communication with the IC card 3 A is possible. 

When it is judged by the mutual authentication that mutual data 
communication is possible, the provider terminals 4 A and 4B detect a response of the 
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IC card 3 A/3B to the call using the system code and thereby judge whether it is an IC 
card 3 A/3B having a system area corresponding thereto or not. Furthermore, by 
obtaining a response of the IC card 3 A/3B to the call using the system management 
key and the application code, it is judged whether the IC card 3 A/3B relates to its own 
5 service. When judged to be an IC card 3A/3B relating to its own service as explained 
above, the provider terminals 4A and 4B access the user area by transferring encrypted 
data by a combination of the system key, area management key, appUcation key, and 
file key. 

For example when offering a service by electronic money, they execute 
10 processing for detecting an amount recorded on the IC card 3 A, subtracting an amount 
used by the user from the balance^ and recording this in the IC card 3 Ar©te. Also, 
when the card provider 2 issues points for an amount of purohase purchases made by 
^ the user and offers a variety of services in accordance with the points, it executes 

O processing for updating points ete. recorded on the IC card 3 A in accordance with the 

m 15 amount of the purchase by the user. 

% The IC card 3 A/3B is a non-contact type IC card which starts to operate by 

O power induced by the built-in loop antenna and performs processing on a high 

n frequency signal induced to the loop antenna by a predetermined signal processing 

m circuit so as to receive the call from the reader/writer. The IC card 3 A/3B sends a 

ly 

^ 20 response to the call, further executes processing for mutual authentication upon request 
fy from the reader/writer for the response, and th e reby thus, judges whether data 

exchange is possible with the reader/writer. 

Furthermore, it transmits a collation result of the system code and application 
code recorded in the system area to the reader/writer in response to a call using the 
25 system code and application code from the reader/writer and therefore^ can execute a 
series of processing only when relating to a service scheduled to be provided by the 
reader/writer. 

As a result, when confirmation is obtained by the reader/writer in this way, the 
IC card 3A/3B accesses corresponding files in accordance with access using the 
30 successively input system key, area management key, application key, and file key and 
thereby executes a series of processing by the file. Also, it secures an area for 
recording the file by updating the system area by gaining access using the area 
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management key and the system management key and updates the system area by 
receiving registration of the file key, application code, and application key. 
(1-2) Division of Area 

The card provider 2 yields the management right of the unused areas of the 
memory space of the IC card 3A/3B to the lending business 5 or lends the memory 
space to the area user 6 which desires to use the IC card 3 A/3B by the lending business 
5 while holding the management right in its own hands. As a resuh, in this IC card 
system 1 01, even a terminal of the area user 6, that is, the operation terminal 8, can use 
services provided by the area user 6. Due to this, services of electronic money, 
ticketing, etc.^ offered by different businesses can be utilized as desired by the user by^ 
for example, the IC card 3A/3B of a commuter's pass. 

Thus, the operation terminal 8 is installed in a store ©ter of the user 6, provides 
services relating to an operation by the area user 6, and sets the IC card 3A/3B to be 
able to use the services of the area user 6 eter by an operation by the user in addition to 
the provision of these services. 

FIG. 26 is a block diagram of a series of processing in the case of transferring 
the management right of the unused areas therein to the lending business 5. Here, in 
the present embodiment, as shown in FIG. 28, the processing divides an empty area of 
the memory space into a predetermined number of blocks, separately sets a system 
area (hereinafter, referred to as a new system area) formed by siting the manager as 
the lendmg business in the divided areas in the same way as explained above with 
reference to FIG. 27, and manages the divided areas by the new system area. 

Thus, the lending business 5 records data necessary for forming the new 
system area in the IC card 3 A/3B by access to the IC card 3B by the operation terminal 
8 using the system area set by the card provider 2. At this time, the lending business 5 
secures a user area corresponding to the number of blocks authorized by the card 
provider 2 , furthermoro . Furthermore, the lending business 5 prevents tlie secret 
information of the new system area, that is, the system management key, area 
management key, etc.^, from being kept secret from a third party including the card 
provider 2, and thereby makes the user area used by the area user 6 unaccessible even 
by the card provider 2. 

Therefore, the lending business 5 specifically removes information relating to a 
file to be recorded on the user area and encrypts information comprismg the new 
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system area. The encrvptioTi is performed by an encrypting key corresponding to a 
division processing key to generate a package Pf and sends the package Pf to the card 
provider 2 together with information specifying the IC card 3A/3B. Note that the 
infonnation here is prepared by information obtained by removing information related 
to specific services, such as a file key, application key, application code, etc. from 
various information of the above system area explained with reference to FIG. 28 
arranged in a format corresponding to the configuration of the system area. Due to 
this, the lending business 5 keeps the area management key, system management key, 
etc. set in the new system area secret from the card provider 2 and provides 
information used for generating the system area to the card provider 2. 

Consequently Subsequently, in the IC card system 101, by inputting/outputting 
infonnation encrypted to enable release of the encrypting by a key for releasing 
encrypting recorded in the system area, that is, the system key, with the first terminal 
apparatus corresponding to the recording of the system area explained with reference 
to FIG. 28, that is, the provider termmal 4A/4B, the IC card 3A/3B^ in which the 
memory space is accessed in accordance with the recording of the system area by the 
first terminal apparatus^ is designed to encrypt information of the new system area 
corresponding to the system area to enable release of the encrypting by a 
predetermined area division key recorded in the IC card 3 A/3B to generate encrypted 
information. 

After the predetermined server adds dummy data to the thus notified package 
Pj in accordance with blocks lent to the lending business, the card provider 2 generates 
encrypted information by encrypting by the information using the area management 
key and the system key and further encr>rptG encrypting the information by setting the 
application code etc. and system management key etc. so as to record the encrypted 
information in successive predetermined blocks in the memory space by management 
of the system area explained above with reference to FIG. 28. As a result, the card 
provider 2 generates a package Pj relating to the same configuration as a data stream 
sent from the provider terminals 4A and 4B when recording a file relating to a 
predetermined application to the blocks lent to the lending business 5 and provides the 
package Pj together with the mutual authentication key and system code to the lending 
business 5. Consequently, the card provider 2 keeps the area management key and 
system management key etc. of the original system area, which it manages itself^ 
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secret from the lending business 5 and provides the package Pj generating the new 
system area and a corresponding user area to the lending business 5 together with the 
mutual authentication key etc. 

As a result, the lending business 5 obtains from the card provider 2 the package 
Pj relating to the area setting processing for a predetermined number corresponding to 
the charging processing together with the mutual authentication key etc. by advance 
processmg and provides the same to the area user 6 conditional on executing charging 
processing for setting areas at the card provider 2 and obtaining permission from the 
card provider 2. 

As opposed to this, the operation terminal 8 executes processing for mutual 
authentication relating to the new system area with the IC card 3B in tlie same way as 
the provider terminals 4A and 4B by settings in advance and receives the mutual 
authentication key from the area user 6 and executes processing for mutual 
authentication with the IC card 3B by the mutual authentication key when mutual 
authentication is not obtained. Here, when mutual authentication has been achieved, 
the IC card 3B notifies that fact to the area user 6 since it is an IC card to which a new 
system area is not yet set. 

Accordingly, the area user 6 instructs to secure an area corresponding to the IC 
card 3B by sending the package Pj to the operation terminal 8. Due to the instruction, 
the operation terminal 8 uses the record of the previous system area related to usage of 
the provider terminals 4A and 4B and records information of the package Pj in a 
predetermined area of the IC card 3B. As a result, in the IC card system 1 01, the IC 
card 3B is made to secure a user area corresponding to the new system area. Also, 
corresponding to the encrypting processing of the package Pf by the card provider 2 at 
this time, it releases encrypting by the system key and area management key set in the 
original system area of the IC card 3B, the records by releasing encrypting by the 
division processing key and thereby forms the same new system area as the system 
area of the provider terminals 4 A and 4B. 

Also, the system sets the user area to be hard to access even by the card 
provider 2 by various kinds of keys set in the new system area and accordingly can 
completely entrust management of the memory space to the lending busmess 5. 

As a result, in the IC card system 101, by setting the new system area by the 
lending business 5 in the memory space of the IC card 3A/3B and dividing the 
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memory space as explained above, the management right of the divided memory 
space is transferred from the card provider 2 to the lending business 5. 

Due to this, in the IC card system 101, in the same way as execution by the 
card provider 2 by management of the memory space by the original system area by 
using the provider terminals 4A and 4B, for example^ and by the management of the 
memory space by the new system area using an exclusive terminal apparatus by the 
lending business 5, the lending business 5 can also provide a variety of services by 
managing the IC card 3A/3B, 

In the above way, in the IC card system 101, a management computer at the 
card provider 2 side comprises a second encrypting means for further encrypting the 
encrypted information, that is, the package Pj, to enable release of the encrypting 
encrypted information by the area management key recorded in the previous system 
area, to generate the second encrypting information, that is, the package Pi t. The 
management comput er further comprises an input means for an operation terminal 8 to 
input the package Pj to the IC card 3A/3B by access of the IC card 3A/3B 
corresponding to the recording in the first system area, that is, the previous system 
area, by access of the IC card 3Ay3B using the mutual authentication key of the 
provider terminals 4A and 4B by the operation terminal 8t^ ^. Moreover, the 
computer releases the encr>T3ting encrypted information of the package Pj in the IC 
card 3A/3B and records information of the new system area in the memory space of 
the IC card 3 A/3B by access of the IC card 3A/3B corresponding to the first terminal 
apparatus. 

(1-3) Lending of Memory Space 

The lending busmess 5 lends memory space to the area user 6^ which desires to 
use the IC card 3A/3B witli respect to the divided memory space^ when dividing the 
memory space of the IC card 3A/3B and receiving part of the management right in this 
way or with respect to the entrusted memory space when the lending of the memory 
space is entrusted by the card provider 2 while the card provider 2 keeps the 
management right at its own hands. As a result, in the IC card system 101, even more 
types of businesses can offer a variety of services using the IC card 3A/3B in common. 

In the lending processing, when the card provider 2 and area user 6 do not 
desire to provide services using a single IC card 3A/3B in common, the lending 
business 5 limits the lending of the memory space by rejection processing. Due to 
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this, for example, the memory space of the IC card 3A/3B is not lent for a service of a 
certain provider in a rival relationship wiih the card provider 2. Further, lending 
processing is selectively performed for an IC card 3A/3B relating to a rate desired by 
the area user 6. Due to this, the area user 6 can reject lending for example for an IC 
card 3A/3B ef at a high lending rate, 
(1 -3- 1 ) Registration of Service 

FIG. 30 is a block diagram for explaining pre-processing of the rejection 
processing in the IC card system 101. Namely, m the IC card system 101, the lending 
busmess 5 obtains from the IC card issuer 21^ lending conditions together with the card 
code Ccd as to the IC card 3A/3B entrusted to be lent at the time of requesting 
production of the IC card 3A/3B to the card manufacturer 7 by the card provider 2 etc. 
Here, the lending conditions include rejection conditions of the application (APL), 
price of the area, and expiration date; the rejection conditions of an application include 
sectors and businesses for which lending is rejected and other data specifying services 
(for example, an application code); and the price of the area includes data for 
specifying a fee of one block relating to lending. Also, the expiration date is 
composed of data for specifying a lending period. As a result, when rojooting lending 
is rejected in this way, for example, a ^as e of prohibiting use of the IC card 3A/3B by 
rival businesses «ter may be considered. 

The lending business 5 records the feus obtained card code Ccd and the lending 
conditions in a management server 5 A and thereby prepares a card code hst formed by 
recording the card code Ccd and the lending condition of the IC card 3A/3B. 
Furthermore, the lending business 5 approves the card code Ccd for access from the 
card manufacturer 7. 

Furthermore, the lending business 5 has the area user 6^ which desires to use 
the IC card 3 A/3B^ set the operation terminal 8 and makes the operation terminal 8 
fimction as a registration apparatus so that the area user 6 can register services. The 
area user 6 can access the IC card 3A/3B from the operation terminal 8 and use it for a 
variety of services. 

The lending business 5 records information of the services to be registered 
from the operation temiinal 8 in the management server 5 A to generate a registration 
machine code hst and an application code list shown in FIG. 3 1 and executes the 
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rejection processing by judgement made by comparing these lists with the card code 
hst. 

Namely, when the lending business 5 authorizes the area user 6 to use the IC 
card 3 A/3B fey under a contract formed with the area user 6, it issues an unused 
5 registration machine code Med to the area user 6 when there is an issuance request of a 
unique registration machine code Med from the area user 6 to the operation terminal 8. 
When issuing the registration machine code Med in this way, the management server 
5 A records a business code indicating that the operation terminal 8 relating to the 
registration machine code Med is related to the area user 6 and an application (APL) 
10 code of the services which the operation terminal 8 is scheduled to operate and 
prepares a registration machine code list ther e by. Note that when starting a new 
services of the area user 6 by the existing operation terminal 8, this can be dealt with 
by updating contents of a corresponding registration machine code at the time of 
requesting to obtain the application code related to the new services. 
15 In the IC card system 101, when the registration machine code Med is notified 

from the lending business 5 to the area user 6^, as explained above, the area user 6 asks 
a registration machine manufacturer 10 for delivering an operation terminal 8 by the 
registration machine code Med. In this case, by the request for permission from the 
registration machine manufacturer 1 0, the lending business 5 approves production of 
ffl 20 the operation terminal 8 with the registration machine code Med. Thus, in the IC card 

o 

flj system 101, the registration machine manufacturer 10 produces the operation terminal 

8 by recording the registration machine code Me d. Then , the operation terminal 8 is 
delivered to the area user 6, and a license fee is charged in this case. 

In the IC card system 101, for an operation terminal 8 delivered to the area user 
25 6 explained above, when the area user 6 requests issuance of an application code 

relatmg to the new services by the operation terminal 8, the lending business 5 selects 
an unused application code, notifies the same, and updates contents of the registration 
machine code Ust by the apphcation code. Furthermore, the number of blocks of the 
IC card 3A/3B relating to lending set by the contract, rejection conditions of the IC 
30 card (rejection conditions of a card code) which the lending business 5 does not desire 
to use, etc. are recorded in the management server 5 A along with a corresponding 
application key so as to prepare the application (APL) code list Note that in FIG. 31, 
the rejection conditions of the card code are records of card codes of the IC cards 
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which the lending business 5 does not desire to use, specifically, card codes and usage 
fees per block that are blocked for uscrete. As a result, as such a cas e , a oaGo where a 
rival business of the area user 6 is the card provider 2, a case of a high usage rate, etc. 
may be considered. 

When preparing a list in this way, as shown in FIG. 32, the lending business 5 
compares conditions for recording to the card code list with conditions for recording to 
the application code list for every application code and card code and thereby prepares 
a list of registration permission infonnation for registering services to the IC card 
3 A/3B except for combinations of registration of services by the area user 6 which the 
card provider 2 does not desire and combinations of registration of services to the IC 
card 3 A/3B which the area user does not desire etc. 

At this time, the lending business 5 sends the registration permission 
information from the operation terminal 8 to the IC card 3 A/3B, records an application 
code and an application key corresponding to the IC card 3A/3B in the IC card 3A/3B, 
and prepares a list by recording the registration pennission information so that the 
number of blocks for recording corresponding files can be secured. Note that when the 
lending business 5 is only entrusted with lending of a memory space, since the area 
management information, system key, and system management key recorded in the 
system area necessary for preparing such registration permission information are 
known only by the card provider 2, information of the application code, application 
key, and number of blocks are notified to the card provider 2 and registration 
information is generated by oncr^T^ting procoGoing throueh encryption bv the card 
provider 2. As opposed to this, when providing services in a memory space 
corresponding to the system area by registering the information to the system area 
managed by the lending business, since area management infonnation, system key, 
and system management key recorded in the system area are known only by the 
lending business 5, the registration information is generated by processing of the 
lending business 5 by itself 

When data exchange is started between the operation terminal 8 and the IC 
card 3 A/3B in a state where the application registration list is prepared in advance as 
explained above, when the system area relating to the operation terminal 8 is not 
formed in the IC card 3 A/3B, the system area is formed and then existence of a record 
of an application code relating to the services of the operation terminal 8 is confirmed 
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in the operation terminal 8. Here, when the application code is not recorded in the IC 
card 3A/3B, it is considered that files relating to the services of the operation terminal 
8 are not yet registered in the IC card 3A/3B. At this time, when a plurality of services 
are provided by the operation terminal 8, the operation terminal 8 issues a command to 
the IC card 3Ay3B to successively read the apphcation code and detects services which 
are not yet registered from the read application code. Furthermore, existence of 
provision of tktts detected services which are not yet registered^ is confirmed for the 
user which carries the IC card 3A/3B. If the user desires a service here, the 
registration machine code and service code are notified to the lending business 5 via 
the area user 6. 

Furthermore, when searching through the apphcation registration list by using 
a search result of the registration machine code list by the registration machine code as 
a reference and recording registration permission information as a registerable service, 
the registration permission information of the corresponding application is notified 
firom the application registration list to the operation terminal 8. On the other hand, 
when registration pennission information of the corresponding application is not 
registered, since registration is difficult due to the above rejection processing, the user 
is informed of it via the operation terminal 8. 

In the IC card system 101, a registration key K used for registering a file 
necessar/ for providing a service is also notified firom the area user at the time of 
notifying the registration permission information to the operation terminal 8. The 
operation terminal 8 accesses the IC card 3B by the registration permission 
information to enable registration of a file and file key relating to a service. Then, by 
accessing the IC card 3B using the registration key K notified from the area user 6, tiie 
file and corresponding file key relating to the service are registered. Thus, in the IC 
card system 101, tlie area user 6 uses the memory space lent firom the lending business 
5 or the area user 6 uses the memory space lent firom the card provider 2 and the lent 
memory space is managed by the file key kept by the area user 6, so a variety of 
services can be provided. 

When the services become available in this way, the operation terminal 8 prints 
a sticker indicating the newly usable service by a built-in printer and provides the 
sticker to the user of the IC card 3B. As a result, in the IC card system 101, even in 
the case where a large number of services are recorded in the IC card 3B, the user can 
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confirm the available services by adhering the stickers on the IC card 3B. Note that 
instead of printing such a sticker, it is possible to directly print the information on the 
IC card 3B. 

As explained above, when a service becomes available by the IC card 3B, the 
lending business 5 performs charging relating to collection of fees at the time of 
registration in the area user 6 and charging relating to payment of the registration fee 
in the card provider 2. Furthermore, the registration is listed for each card code of the 
IC cards and records left. The lending business 5 performs charging for use of the card 
for example in units of months by periodic tabulation of the records. 

Note that the series of processing of the data processing method of the present 
invention can be executed by hardware, but can also be executed by software 
(program). When executing the series of processing by software, it is possible to 
install the software from a storage medium or downloaded it via a network into a 
computer incorporating a program comprising the software in exclusive hardware or a 
general-use personal computer capable of executuig a variety of ftmctions by 
installation of a variety of programs etc. 

As explamed above, according to the present invention, it is possible to provide 
a data processing method and cystem, a portabl e devic e , a data procossing apparatue 
and method, and a progra m, system^ and app aratus which can deal with a variety of 
demands including security aspects of a service provider when a plurality of 
businesses share a single IC card eter. 
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CLxMMS CLAIMS 
The invention is claimed as follows: 



1 . A data processing method for processing so that a portable device 
mounting including an integrated circuit for storing key data for dividing memory area 
division data and first area management key data whioh^ is authorized to perform at 
least one of a write operation of data to a memory area of said integrated circuit and a 
rewrite operation of data to the memory area on the condition that the first area 
managCTient key data is us e d makes a second service provider provide a service using 
part of said memory area of said integrated circuit when said portable device is issued 
by a first service provider providing a service using said memory area, 

said data processing method comprising the steps of: 

having a memory area operation unit managing said key data for dividing 
memory a rea division data e ncrypt first module data including second area 
management key data by the key data for dividing and provido memory area division 
data, and providing the same to the first service provider; 

having the issuer of the portable device, which is said first service provider, 
encrypt second module data including the encrypted first module data by using said 
first area management key data and provido providing the same to said memory area 
operation unit; and, 

under the control of the memory area operation unit, providing the encrypted 
second module data to the integrated circuit, decrypting the second module data by 
using the first area management key data in the integrated circuit, decrypting the first 
module data in the decrypted second module data by using the key data for dividing 
memory area division data , and dividing the memory area to a first memory area to be 
used for 6en , ac e the services of the first service provider and a second memory area to 
be used for Gorvic^e the services of the second service provider by using the second area 
management key data obtained by tho docr>^pting firom the decryption of the data . 

2. A data processing method as set forth in claim 1 , further comprising the 
step of having the integrated circuit divide the memory area into the first memory area 
wherein at least one of a write operation of data and a rewrite operation of data is 
authorized on the condition that the first area management key data is used and the 
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second memory area wherein at least one of a write operation of data and a rewrite 
operation of data is authorized on the condition that the second area management key 
data is used. 



5 3 . A data processing method as set forth in claim 1 , further comprising: 

having the integrated circuit further store first system key data and authorize at 
least one of a write operation of data to the memory area and a rewrite operation of 
data in the memory area on the condition the first system key data and the first area 
management key data are used; 
10 having the memory area operation unit encrypt first module data further 

including second system key data by the key data for dividing memory area division 
data a nd provide the same to the first service provider; 
)^ having the first service provider encrypt second module data including the 

P encrypted first module data and division condition information indicating the condition 

^ 15 for dividing the memory area for use by another service provider by using the first area 
J management key data and provide providing it to the memory area operation unit; and 

0 having the integrated circuit decrypt the second module data by using the first 
Q area management key data, decrypt the first module data in the decrypted second 

!2t module by using the key data for dividing memory area division data, and divide the 

1 y 

20 memory area by using the second system key data, second area management key data, 
and division condition information obtained by the decrypting the data. 



4. A data processing method as set forth in claim 1 , further comprising 
providing a memory area division apparatus for dividing said memory area to 
25 said second service provider under the control of said memory area operation unit and 
having said memory area division apparatus provide said enciypted second 
module data to said integrated circuit. 



5. A data processing method as set forth in claim 2, when providing a 
30 plurahty of third memory areas can b e defined in said second memory area and third 
area management key data used for performing at least one of a write operation of data 
to the third memory area and a rewrite operation of data in the third memory area is 
defined fe¥ in each of said plurality of third memory areas, 
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further comprising the steps of having : 

having said memory area operation unit encrypt third area management key 
data by second area management key data and provide the same to said memory area 
division apparatus; 

having said memory area division apparatus provide said encrypted third area 
management key data to said integrated circuit; and 

having said integrated circuit decrypt said encrypted third area management 
key data by using said second area management key data, estabHsh correspondence 
with said third memory areas defined in said second memory area to store said third 
area management key data obtained by smd decrypting the data . 

6. A data processmg method as set forth in claim 5, fiirther comprising the 

step: 

having said memory area operation unit assign a service code for identifying a 
service provided by using the third memory area for each of said third memory areas 
and generate and store an area code list indicating an area code for identifying said 
third memory area, said third area management key data corresponding to the thkd 
memory area, and said service code assigned to the corresponding third memory area 
in correspondence . 

7. A data processing method as set forth in claim 3, further comprising the 
steps of: 

providing a memory area division apparatus for dividing said memory area te- 
for said second service provider under the control of said memory area operation unit; 

having said memory area division apparatus provide said encrypted second 
module data to said integrated circuit; 

havmg said memory area operation unit provide first degenerate key data 
obtained by encrypting by the data using said second system key data and said second 
area management key data to said memory area division apparatus; 

having said integrated circuit generate second degenerate key data by 
encrypting by the data using said second system key data obtained by decrypting the 
data and said second area management key data; and 
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performing mutual authentication between said memory area division 
apparatus and said integrated circuit by using said first degenerate key data and said 
second degenerate key data. 

8. A data processing method as^set forth in claim 6, further comprising the 
steps of: 

having said memory area operation unit 

provide an operation file registration apparatus to said second service provider, 
provide said third area management key data to said operation file registration 
apparatus, and 

establish correspondence between said service code in said area code list and 
said area code to provide the same to said operation file registration £^paratus; 

having said operation file registration apparatus store file registration 
permission data indicating said service code and file management key data issued by 
said second service provider in correspondence, encrypt said file registration 
permission data by using said third area management key data, and provide the same to 
said integrated circuit; and 

having said integrated circuit decrypt said file registration permission data by 
usmg said third area management key data and write file data relating to a service of 
said second service provider to said third memory area by using said file management 
key data in said decrypted file registration permission data. 

9. A data processing method as set forth in claim 4, further comprising the 
steps of, 

when there are a plurality of said first service providers, and said first system 
management key data and a system code for identifying said first service provider are 
added to each of said plurality of first service providers, 

having said memory area operation unit 

receive rejection information for opocifying that specifies a party for which 
provision of services firom respective service providers by using the same integrated 
circuit is rejected from said first service provider and said second service provider. 
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generate a registerable system code list indicating said system code added to 
said first service provider capable of providing a service by said same integrated 
circuit as said second service provider based on said rejection information, and 

provide the registerable system code list to said memory area division 
apparatus; and 

having said memory area division apparatus judge whether or not to divide said 
memory area of the integrated circuit based on said system code stored in the 
integrated circuit and said registerable system code Ust before dividing said memory 
area of said integrated circuit. 

10. A data processing method as set forth in claim 1 , further comprising the 
step of having said memory area operation unit pay a fee for using said second 
memory area of said integrated circuit to said first service provider. 

11. A data processing method as set forth in claim 1 , further comprising the 
step of having said second service provider pay a fee for using said second memory 
area of said integrated circuit to said memory area operation unit. 

12. A data processmg method as set forth in claim 1 , wherein said portable 
device is a card. 



13. A data processing system for processing data so that a portable device 
moimting including an integrated circuit for storing key data for dividing memorv area 
division data and first area management key data which is authorized to perform at 
least one of a write operation of data to a memory area of said integrated circuit and a 
rewrite operation of data to the memory area on the condition that the first area 
management key data is used makes a second service provider provide a service using 
part of said memory area of said integrated circuit when issued by a first service 
provider providing a oerv^oo usmg said memory area, wherein the system has 

a memory area operation processing apparatus used by a memory area 
operation unit which manages the key data for dividing memory area division data, 

a first service provider processing apparatus used by the issuer of the portable 
device which is the first service provider, and 
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a second service provider processing apparatus used by the first service 
provider; 

wherein; 

the memory area operation processing apparatus encrypts first module data 
5 including second area management key data by the key data for di^i-iding memorv area 
division data and sends the same to the first service provider processing apparatus; 

the first service provider processing apparatus encrypts second module data 
including the received encrypted first module by using the first area management key 
data and sends the same to the memory area operation processing apparatus; 
1 0 the memory area operation processing apparatus provides the received 

encrypted second module data to the integrated circuit; and 

the integrated circuit decrypts the second module data by using the first area 
Q management key data, decrypts the first module data in the decrypted second module 

rf by using the koy data for di\dding memorv area division data, and divides the memory 

m 1 5 area to a first memory area to be used for service of the first service provider and a 
^ second memory area to be used for service of the second service provider by using the 

^ second area management key data obtained by the decrypting the data under control of 

Q the memory area operation unit, 

ru 

2 2^ 1 4. A data processing system as set forth in claim 13, wherein said 

nj integrated circuit divides said memory area te into said first memory area wherein at 

least one of a write operation of data and a rewrite operation of data is authorized on 
the condition that said first area management key data and said second memory area 
are used wherein at least one of a write operation of data and a rewrite operation ef 
25 data is authorized on the condition that where said second area management key data 
is used. 

15. A data processing system as set forth in claim 1 3, wherein: 
said integrated circuit further stores first system key data and authorizes at least 
30 one of a write operation of data to said memory area and a rewrite operation of data in 
the memory area on the condition that said first system key data and said first area 
management key data are used; 



4I8827/D/2 CP0B02. 



Ill 



said memory area operation processing apparatais encrypts first module data 
fiirther including second system key data by said key data for dividing memory area 
division data and provides the same to a first service provider processing apparatus; 

said first service provider processing apparatus encrypts second module data 
including said encrypted first module and division condition information indicating 
conditions of dividing said memory area for use of other service providers and 
provides it to said memory area operation unit processing apparatus; and 

said integrated circuit decrypts said second module data by using said first area 
management key data, decrypts said first module data in the decrypted second module 
data by using said key data for dividing memory area division data, and divides said 
memory area by using said second system key data, second area management key data, 
and said division condition information obtained by ^le decrypting the data . 

16. A portable device moimting an integrated circuit used for a first service 
provider providing a service, wherein the integrated circuit comprises: 

a memory means for storing key data for dividing memory area division data 
managed by a memory area operation unit performing processing to make a second 
service provider provide a service using a part of a memory area of the integrated 
circuit and first area management key data; 

an input means for inputting a module including second area management key 
data issued by the memory area operation unit winch is encrypted by the memory area 
operation imit fey using the key data for dividing memory area division data and 
furthermore encrypted by the first service provider by using the first area management 
key data; and 

a processing means for decrypting the input module by using the ke^^ data for 
dividing memory area division data a nd the first area management key data, dividing a 
memory area of the memory means to a first memory area and a second memory area 
by using the second area management key data in the decrypted module, authorizing at 
least one of a write operation of data to the first memory area and a rewrite operation 
<^fdata in the memory area on the condition that the first area management key data is 
used and authorizing at least one of a write operation of data to the second memory 
area and a rewrite operation of data in the memory area on the condition that the 
second area management key data is used. 
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17. A portable device as set forth in claim 16, wherein said processing 
means authorizes a write operation of a file used for processing of the processing 
means in said first memory area on the condition that said first area management key 
data IS used and authorizes a write operation of a file used for processing of the 
processing means in said second memory area on the condition that said second area 
management key data is used. 

18. A portable device as set forth in claim 16, wherein: 
said memory means further stores first system key data; 

said input means receives as an inputs said module further including second 
system key data; and 

said processing means uses said second system key data and said second area 
management key data in said decrypted module to divide the memory area of said 
memory means to said first memory area and said second memory area, authorizes at 
least one of a write operation of data to said first memory area or a rewrite operation ef 
4dta in the memory area on the condition that said first system key data and said first 
area management key data are used, and authorizes at least one of a write operation ef 
data to said second memory area or a rewrite operation of data in the memory area on 
the condition that said second system key data and said second area management key 
data are used. 

19. A data processing apparatus for processing data so that a portable 
device mounting including an integrated circuit for storing distribution key data, a 
system code for identifying a first service provider, and first area management key 
data which is authorized to perform at least one of a write operation of data to a 
memory area of said integrated circuit and a rewrite operation of data to the memory 
area on the condition that the first area management key data io uGod makes a second 
service provider provide a service using part of said memory area of said integrated 
circuit when issued by a first service provider providing a first service using said 
memory area, wherein 

the apparatus has a memory means, processing means, and input/output means; 
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the memory means stores rejection information specifying a service 
provider which can provide service by the same integrated circuit indicated by the first 
service provider and the second service provider; 

the processing means encrypts a first module including second management 
key data by using the key data for dividing memorv area division data : 

the input/output means outputs the encrypted first module to provide it to the 
first service provider, receives as input a second module including the encrypted first 
module and encrypted in the first service provider by usmg the first area management 
key data, and outputs flie second module to provide it to a memory area division 
apparatus for dividing the memory area under control of the second service provider so 
that a part of the memory area of the integrated circuit can be used by the second 
service provider; 

the processing means generates a registerable system code list indicating the 
system code added to the first service provider which can provide service by the same 
integrated circuit as the second service provider based on the rejection information; 
and 

the input/output means outputs the system code list to provide it to the memory 
area division apparatus. 

20. A data processing apparatus as set forth in claim 19, wherein 

when said memory area division apparatus divides said memory area of said 
integrated circuit into said first memory area wherein at least one of a write 
operation of data and a rewrite operation of data is authorized on the condition that 
said first area management key data is used^ and said second memory area wherein at 
least one of a write operation of data and a rewrite operation of data is authorized on 
the condition that said second area management key data is used; 

said processing means defines a plurality of memory areas in said second 
memory area, issues third area management key data used for performing at least one 
of a write operation of data to the third memory area and a rewrite operation of data in 
said third memory area for each of said plurality of third memory areas and encrypts 
the third area management key data by said second area management key data; and 

said input/output means outputs said encrypted third area management key data 
to provide it to said memory area division apparatus. 
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21. A data processing apparatus as set forth in claim 20, wherein said 
processing means issues a service code for identifying a service provided by using the 
third memory area for each of said third memory areas and generates an area code hst 
indicating an area code for identifying said third memory areas, said third area 
management data corresponding to the third memory area, and said service code 
assigned to the third memory area in correspondence; and 

said memory means stores said area code list. 

22. A data processing apparatus as set forth in claim 21, wherein said 
input/output means establishes correspondence between said area code included in said 
area code list and said service code and outputs the same to provide it to a file 
registration apparatus for writmg file data used for a service of said second service 
provider in said third memory area of said integrated circuit. 

23. A data processing apparatus for processing data so that a portable 
device including an integrated circuit for storing distribution key data, a system code 
for identifying a first service provider, and first area management key data which is 
authorized to perform at least one of a write operation of data to a memory area of said 
integrated circuit and a rewrite operation of data to the memory area on the condition 
that the first area management key data is used makes a second service provider 
provide a service using part of said memory area of said integrated circuit whra issued 
by a first service provider providing a first service using said memory area, wherein 
the apparatus has a memory means, inpuVoutput means, and processing means; 

the memory means stores a module including second area management key 
data issued by a memory area operation unit for managing processing of the data 
processing apparatus and encrypted by the memory area operation unit by using the 
key data for dividmg memorv area division data and a registerable system code list 
indicating the system code added to the first service provider which can provide 
service by the same integrated circuit as the second service provider; 

the input/output means receives as input the system code fi-om the integrated 
circuit; and 
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the processing means outputs the module to the mtegrated circuit via the 
input/output means when it judges that the input system code is indicated in the 
registerable system code Ust, 

24, A data processing apparatus for performing processing to write jfile data 
in a second memory area of an integrated circuit having a first memory area wherein at 
least one of a write operation and rewrite operation of file data used for providing a 
first service is authorized on the condition that first area management key data is used 
and a second memory area wherein at least one of a write operation and rewrite 
operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, 

when a plurality of third memory areas are defined in the second memory area, 
third memory management key data used for performing at least one of a write 
operation of data to a third memory area and a rewrite operation of data in the third 
memory area is defined for each of the plurahty of third memory areas, and said 
integrated circuit stores said third area management key data; comprioing^ 

said data processing apparatus, comprising: 

a memory means storing third area management data and file key data which is 
issued by the second service provider, used at the time of writing the file data to a third 
memory area, and encrypted by the tiiird area management key data; 

an output means for outputting the encrypted file key data to the integrated 
circuit; and 

a writing means for writing file data to be used for providing the second service 
to the second memory area of the integrated circuit by using the file key data. 

25. A portable unit issuing method comprising the steps of: 
issuing a portable unit mounting including an integrated circuit for storing key 
data for dividing memory a rea division data and first area management key data and 
authorizing at least one of a write operation of data to a memory area in said integrated 
circuit and a rewrite operation of data in the memory area on the condition that the first 
area management key data is used and 

requesting a memory area operation unit managing the key data for dividing 
memory area division data to divide the memory area of the integrated circuit to a first 
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memory area wherein at least one of a write operation of data and re-write date 
operation in the memory area is authorized on the condition that the first area 
management key data is used and a second memory area wherein at least one of a 
write operation of data and a rewrite operation of data in the memory area is 
authorized on the condition that the second area management key data is used by using 
the key - data for dividing memory area division data . 

26. A method of issuing a portable unit as set forth in claim 25, wherein 
said portable unit is a integrated circuit card. 

27. A program for making a computer execute processing so that a portable 
device mounting including an integrated circuit for storing key data for dividing 
memorv area division data, a system code for identifying a first service provider, and 
first area management key data which is authorized to perform at least one of a write 
operation of data to a memory area of said integrated circuit and a rewrite operation ef 
date to the memory area on the condition that the first area management key data i& 
«s©d makes a second service provider provide a service using part of said memory area 
of said integrated circuit when issued by a first service provider providing a first 
service using said memory area, comprising making the computer execute 

a routine for receiving as input the system code from the integrated circuit; 

a routine for referring to a registerable system code list indicating the system 
code given to the first service provider which can provide a service by the same 
integrated circuit as the second service provider and judging whether the input system 
code is indicated in the registerable system code list; and 

a routine for outputting to the integrated circuit a module including second area 
management data issued by a memory area operation unit managing execution of the 
program and encrypted by the memory area operation xmit by using the key data for 
di\dding memorv area division data and further encrypted by the first service provider 
by using the first area management key data when judging that the input system code 
is indicated in the registerable system code list. 

28. A data processing method for processing so that a portable device 
mounting including an integrated circuit for storing distribution key data, a system 
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code for identifying a first service provider, and first area management key data which 
is authorized to perform at least one of a write operation of data to a memory area of 
said integrated circuit and a rewrite operation of data to the memory area on the 
condition that the first area management key data is uood makes a second service 
provider provide a service using part of said memory area of said integrated circuit 
when issued by a first service provider providing a first service using said memory 
area, comprising: 

a routine of inputting the system code fi-om the integrated circuit; 

a routine of referring to a registerable system code Ust indicating the system 
code given to the first service provider which can provide service by the same 
integrated circuit as the second ser\dce provider and judging whether the input system 
code is indicated in the registerable system code list; and 

a routine of outputting to the integrated circuit a module including second area 
management data issued by a memory area operation unit managing execution of the 
program and encrypted by the memory area operation unit by using the distribution 
key data for dividing and fijrther encrypted by the first service provider by using the 
first area management key data when it judges that the input system code is indicated 
in the registerable system code list. 

29. A program for making a computer execute processing for writing file 
data to a second memory area of an integrated circuit having a first memory area 
wherein at least one of a write operation and rewrite operation of file data used for 
providing a first service is authorized on the condition that first area management key 
data is used and a second memory area wherein at least one of a write operation and 
rewrite operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, molcing the computer execute 
said pro grani comprising: 

a routine of outputting to the integrated circuit file key data which is issued by 
a second service provider, used at the time of vmting the file data in a third memory 
area, and encrypted by a third area management data when a plurahty of third memory 
areas are defmed in the second memory area, a third memory management key data 
used for performing at least one of a vmte operation of data t o a third memory area and 
a rcwntc operation of data in the third memory area is defined for each of the plurality 
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of third memory areas, and the integrated circuit stores the third area management key 
data; and 

a routine of writing file data used for providing the second service in the 
second memory area of the integrated circuit by using the file key data. 

30. A data processing method for performing processing for writing file 
data to a second memory area of an integrated circuit having a first memory area 
wherein at least one of a vmte operation and rewrite operation of file data used for 
providing a first service is authorized on the condition that first area management key 
data is used and a second memory area wherein at least one of a write operation and 
rewrite operation of file data used for providing a second service is authorized on the 
condition that second area management key data is used, comprising: 

a routine of outputting to the integrated circuit file key data which is issued by 
a second service provider, used at the time of writing the file data in a third memory 
area, and encrypted by a third area management data when a plurality of third memory 
areas are defined in the second memory area, a third memory management key data 
used for performing at least one of a write operation of data to a third memory area and 
a rewrite operation of data in the third memory area is defined for each of tiie plurahty 
of third memory areas, and the mtegrated circuit stores the third area management key 
data and 

a routine of writing file data used for providing the second service in the 
second memory area of the integrated circuit by using the file key data. 
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ABSTRACT 

An IC card issuer issues an IC card and requests a card memory area operator 
to lend part of a memory area of the IC card to another card memory area user. The 
card memory area operator provides a memory area division apparatus and various 
5 data to the memory area division apparatus under the control of an operator 
communication apparatus 12. The card memory area user divides the memory area of 
the IC card into a memory area to be used by the IC card issuer and a memory area 
to be used by the card memory area user. The operation file registration apparatus 
writes file data for the card memory area user providing a aervioo to the memory area 
1 0 of the card memory area user obtained by the above division. 
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